October 24, 2016

Linux Has a 9-Year-Old Bug That Requires Your Attention

Written by

Open-source software vendor Red Hat has warned all businesses and humans currently using Linux to patch their servers as soon as possible or risk falling victim to the Dirty COW security flaw.

Phil Oester, the analyst who caught the flaw, told V3, “The exploit in the wild is trivial to execute, never fails, and has probably been around for years . . .”

ALSO READ: VMware vs. VirtualBox: Which is Better for Desktop Virtualization? 

The name Dirty COW refers to the flaw’s relationship with the copy-on-write in the Linux kernel’s memory subsystem. Basically, the Linux kernel memory system can malfunction during certain processes related to memory, which consequently bestows write access to users who can then change their privileges on the server.

Obviously, this is quite bad, because the exploit enables any user to restructure their privileges to match those of an administrator and make changes at the root server level. Here’s a 12 minute video that explains more:

Linux has already released a patch, and Red Hat is reportedly working on updates. Oester, the hero who first identified the exploit, admonishes Linux users to “take this bug very seriously, and patch their systems ASAP.”

A Chilling Effect

The open-source Linux OS has long played second fiddle to Windows when it comes to desktop deployments, but there’s a different story unfolding in the enterprise.

A study by The Linux Foundation and the Yeoman Technology Group found that between 2011 and 2014, deployment of Linux to support enterprise server applications grew from 65 percent to 79 percent. Windows deployment dropped from 45 percent to 36 percent in the same period.

Of the enterprises included in the study, 75 percent said they use Linux as their primary cloud platform. Linux’s growth in the enterprise cloud market is particularly significant given that a many large enterprises will likely shift to a hybrid cloud model in the next three years. If things keep going well, then Linux looks well positioned to secure their place as the leading system for enterprise deployments.

But few would consider a 9-year-old bug that enables copy-on-write exploitation to be a good thing for Linux, especially since the OS is often lauded for its security capabilities.

Will the Dirty COW have a chilling effect on Linux adoption?

It seems unlikely. Keepers of the Linux kernel have already issued a patch, and one could argue that Linux’s open-source framework actually encourages ongoing security improvements, making bugs easier to deal with when they do surface.

Either way, if you’re using Linux at home or in the office, it’s time to download a patch.