A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild.
Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade.
And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild.
Yes, I rooted my phone today with it
Linux BTFO
The bug, marked as "High" priority, gets its name from the copy-on-write (COW) mechanism in the Linux kernel, which is so broken that any application or malicious program can tamper with read-only root-owned executable files and setuid executables.
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings," reads the website dedicated to Dirty COW.
"An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
The Dirty COW vulnerability has been present in the Linux kernel since version 2.6.22 in 2007, and is also believed to be present in Android, which is powered by the Linux kernel.
http://thehackernews.com/2016/10/linux-kernel-exploit.html
DEAD
BTFO
T
F
O
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3238
>>57278673
Requires physical access to the machine
Already patched
FINALLY. I'VE BEEN LOOKING FOR A WAY TO root MY PHONE.
>>57278944
>Already patched
NOT.
Every Android phone even the newest one has this vulnerability.
>>57279087
It's patched in the kernel, it's up to the carriers to release the update to the devices.
>>57279109
>up to carriers
HAHAHAHAHAHAAAAAAAA
Seeing as it's been a little over a week since this was discovered and patched, I'm not surprised that /g/ isn't shitstorming about it now. Anyone have any screencaps of this place when the bug was found? I'm interested to know if everyone lost their shit or if this board really is just /v/ version 2 and only pretends to use linux.