maemo.org - Talk


mr_pingu 2016-10-21 12:26

Holy cow, we have been dirty for 9 years
 
http://arstechnica.com/security/2016...ctive-exploit/

Quite a massive number of devices are vulnerable to this bug, as it's quite an old feature and was only discovered now. Then to think that many Android phones probably won't get a kernel update. I am assuming Android is just as vulnerable as any other Linux distro with an old kernel.

meego_leenooks1 2016-10-21 16:45

Re: Holy cow, we have been dirty for 9 years
 
A disaster for the servers and a Holy Grail for the handhelds.

mikecomputing 2016-10-21 18:18

Re: Holy cow, we have been dirty for 9 years
 
AFAIU you first have to log in via ssh (or similar) as a normal user to the phone before you can gain root access. I don't see it as critical on a phone, but worse on web sites.

"The exploits can be used against Web hosting providers that provide shell access"


And how many of you give out ssh access to your phone?

However I hope SFOS next release has the fix.

coderus 2016-10-21 19:13

Re: Holy cow, we have been dirty for 9 years
 
this exploit can be easily used by any malware application you install :)

eccerr0r 2016-10-22 01:51

Re: Holy cow, we have been dirty for 9 years
 
Apparently the "fix" was identified, any ideas when this will be backported to KP?

Not sure about 2.6.28, but backported to my 4.0.5 server, there had been changes so the patch in the commit wouldn't cleanly go in... but was close enough to easily figure out

Supposedly it's been around since 2.6.22 but "harder" to exploit ... and as I don't have many random binaries I run on my N900, probably somewhat safe. The regular PCs with <koff>flashplayer and any with outward facing shell access I have to be worried about...

meego_leenooks1 2016-10-22 05:32

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by mikecomputing (Post 1517136)
AFAIU you first have to log in via ssh (or similar) as a normal user to the phone before you can gain root access. I don't see it as critical on a phone, but worse on web sites.

Nope, your phone could be rooted by a nice-looking app which is in fact the Chinese hackers' malware sneaked into Play Market / App Store, e.g. http://www.ibtimes.co.uk/chinese-hac...s-risk-1520592 so it's kinda critical too.
BUT at the same time you could root your own phone if you need it and if the phone manufacturer prevents you from getting root access. So I find this vulnerability somewhat good for the handheld power users.

Quote:

Originally Posted by mikecomputing (Post 1517136)
"The exploits can be used against Web hosting providers that provide shell access"

And concerning the servers - it is a total disaster. You do not need the shell access to own your hosting provider's server - you just need exec/system/etc function enabled in PHP configuration and even if such functions are disabled there are plenty of other ways to run shell code where the simplest is - running a cron job from the control panel.

nthn 2016-10-22 14:23

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by meego_leenooks1 (Post 1517154)
http://www.ibtimes.co.uk/chinese-hackers-fool-google-put-one-million-android-users-risk-1520592

"The intelligence-testing Brain Test app was discovered to be containing the malware by security firm Check Point."

Honestly, if you install "Brain Test" applications, you're bound to get hacked in some way eventually.

Every time these supposedly extreme security flaws come up, it turns out to be something you need to explicitly allow. That isn't a security problem, it's a user problem, and those have turned out to be impossible to fix.

meego_leenooks1 2016-10-22 17:02

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by nthn (Post 1517162)
"The intelligence-testing Brain Test app was discovered to be containing the malware by security firm Check Point."

Honestly, if you install "Brain Test" applications, you're bound to get hacked in some way eventually.

That's just the first example I found in Google. I've seen news about dozens or hundreds of innocent-looking apps in Play Market / App Store with hidden ad/spy/mal-ware inside. Surely you have to explicitly allow them to run (install them yourself) but how do you know which app is clean and legitimate and which is not?

pichlo 2016-10-22 17:50

Re: Holy cow, we have been dirty for 9 years
 
9 years. So much for shallow bugs.

t-b 2016-10-22 18:09

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by meego_leenooks1 (Post 1517167)
That's just the first example I found in Google. I've seen news about dozens or hundreds of innocent-looking apps in Play Market / App Store with hidden ad/spy/mal-ware inside. Surely you have to explicitly allow them to run (install them yourself) but how do you know which app is clean and legitimate and which is not?

Indeed, as long as those apps are proprietary / closed source you just don't know. A ton of Google Play programs ask for permissions that don't make sense. Why should a game need access to your contacts etc.?
On an Android phone, I assume that with CyanogenMod (no gapps), and only installing apps from the F-Droid repo, you will prevent installing any malicious software and are relatively safe.

eccerr0r 2016-10-23 22:53

Re: Holy cow, we have been dirty for 9 years
 
Well, it looks like kernel 3.10 and later are the "easy to exploit" so it sounds like we might be semi-safe on Maemo. Still worrisome.

I have yet to try this on my Android phone, then again I don't use my Android phone that much.

In any case you don't need permissions to run the dirty cow exploit, it's just regular code (but it looks like you may need multithreading enabled as well as being able to write to your own address space through /proc.)

In android I wish it were possible to fine grain control all the functions that they say on those "XYZ needs access to ABC"...

Just let them install, but the user gets to control whether XYZ actually gets to use feature ABC.

Even better, return garbage information.

Now that's what I wish could be done.

gerbick 2016-10-24 00:59

Re: Holy cow, we have been dirty for 9 years
 
Malware and exploits on Darwin/OS X, Windows... well, being Windows and now this.

Not one system is without exploits.

nieldk 2016-10-24 05:35

Re: Holy cow, we have been dirty for 9 years
 
In case you want to experiment, this PoC can help identify if vulnerable.

https://github.com/dirtycow/dirtycow...ter/dirtyc0w.c

ibrakalifa 2016-10-24 07:54

Re: Holy cow, we have been dirty for 9 years
 
9 years? seriously, and some of members talk about security like God himself recently...

kinggo 2016-10-24 08:29

Re: Holy cow, we have been dirty for 9 years
 
hmmmmmm......... so that's why turing phone isn't out yet :D

ste-phan 2016-10-24 09:16

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by eccerr0r (Post 1517259)
Well, it looks like kernel 3.10 and later are the "easy to exploit" so it sounds like we might be semi-safe on Maemo. Still worrisome.

I have yet to try this on my Android phone, then again I don't use my Android phone that much.

In any case you don't need permissions to run the dirty cow exploit, it's just regular code (but it looks like you may need multithreading enabled as well as being able to write to your own address space through /proc.)

In android I wish it were possible to fine grain control all the functions that they say on those "XYZ needs access to ABC"...

Just let them install, but the user gets to control whether XYZ actually gets to use feature ABC.

Even better, return garbage information.

Now that's what I wish could be done.

About your wish, I once "secured" a Note 2 where I have installed XPrivacy.
It does exactly what you say: let stuff install, pop up with questions after install allowing you to decide for yourself.
And to leave things working as they should, it reportedly feeds garbage dummy information to the aggressor app.

So I get Viber running without address book access.

If I remember correctly, the thing had to be rooted and something called Xposed framework had to be installed. It is not my favorite activity and I hope one day this becomes much easier and more straightforward to install.
But once you get XPrivacy running, you feel a big relief, I can tell you that ;)

juiceme 2016-10-24 10:02

Re: Holy cow, we have been dirty for 9 years
 
Quote:

Originally Posted by nieldk (Post 1517272)
In case you want to experiment, this PoC can help identify if vulnerable.

https://github.com/dirtycow/dirtycow...ter/dirtyc0w.c

Thanks.

I just quickly tested it on my main workstation running 4.4.0-36, Jolla sbj1 running 3.4.0 and a Fedora cloud image running 4.6.4-301 kernels using the above demo exploit.

On all of those devices the result was as expected, the user process was able to gain root using the leaking CoW.

Same thing applies as always; do not run unknown binaries in your system. Fortunately this is an exploit not easily used remotely.

coderus 2016-10-24 10:26

Re: Holy cow, we have been dirty for 9 years
 
https://github.com/dirtycow/dirtycow...b.io/wiki/PoCs

bandora 2016-10-24 18:39

Re: Holy cow, we have been dirty for 9 years
 
On the other hand maybe it also makes it easier for a person to "root" their Android phones without actually going through the process.. :D:D


All times are GMT.