Hacking a Website and Gaining Root Access using Dirty COW Exploit

This is a demo of hacking a vulnerable website and gaining root access using the Dirty COW (CVE-2016-5195) exploit.

Dirty COW (CVE-2016-5195) is a kernel local privilege escalation vulnerability in the Linux kernel.

As described on Red Hat Customer Portal:


A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild.

In the demo, the Dirty COW exploit PoC is used to escalate the privileges of a local user (in this case www-data), thus gaining root or administrator privileges on the vulnerable web server.


A web server vulnerable to Dirty COW was set up to show the exploit in action. To better illustrate how serious the security problem can be, a vulnerable website was also built, designed to be exploited to gain unprivileged local user access.

Hacking a Vulnerable Website and Escalating Privilege using Dirty COW (CVE-2016-5195) Exploit Demo Video

As you can see from the video, the www-data local user is quickly escalated to root privileges.

You can determine if your system is vulnerable by using this bash script from Red Hat.

Affected Linux distributions include the following (you can verify whether your system is vulnerable by using the script above):

  • CentOS Linux 7.x
  • CentOS Linux 6.x
  • CentOS Linux 5.x
  • Debian Linux wheezy
  • Debian Linux jessie
  • Debian Linux stretch
  • Debian Linux sid
  • Ubuntu Linux precise (LTS 12.04)
  • Ubuntu Linux trusty
  • Ubuntu Linux xenial (LTS 16.04)
  • Ubuntu Linux yakkety
  • Ubuntu Linux vivid/ubuntu-core
  • Red Hat Enterprise Linux 7.x
  • Red Hat Enterprise Linux 6.x
  • Red Hat Enterprise Linux 5.x
  • SUSE Linux Enterprise 11
  • SUSE Linux Enterprise 12

How to Fix Dirty COW (CVE-2016-5195) on Linux

For Debian or Ubuntu Linux:
$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
For RHEL / CentOS Linux 5.x/6.x/7.x:
$ sudo yum update
For RHEL / CentOS Linux 4.x:
$ sudo up2date -u
For SUSE Linux Enterprise or openSUSE Linux:
# zypper patch

Reboot your system afterwards, then verify by running the Dirty COW (CVE-2016-5195) vulnerability checker script again.
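
A kernel update only takes effect once the new kernel is booted, so a host can be fully updated and still running the vulnerable kernel. The following added example (not part of the original post or Red Hat's checker script) reports whether a reboot is still pending. It assumes kernel images are installed as /boot/vmlinuz-<release> and that the image with the latest modification time is the most recently installed one; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect "patched on disk, but old kernel still running".
# Assumption: kernel images live at DIR/vmlinuz-<release>, and the newest
# file modification time marks the most recently installed kernel.

# newest_kernel DIR: print the release string of the most recently
# installed kernel image in DIR; return 1 if none is found.
newest_kernel() {
    newest=
    for img in "$1"/vmlinuz-*; do
        [ -f "$img" ] || continue
        # Rescue images are copies made at install time, not updates.
        case $img in *-rescue-*) continue ;; esac
        if [ -z "$newest" ] || [ "$img" -nt "$newest" ]; then
            newest=$img
        fi
    done
    [ -n "$newest" ] || return 1
    name=${newest##*/}
    printf '%s\n' "${name#vmlinuz-}"
}

# kernel_status RUNNING DIR: print one of
#   current        running kernel is the most recently installed one
#   reboot-needed  a different, more recently installed kernel is on disk
#   unknown        no kernel images found in DIR
kernel_status() {
    latest=$(newest_kernel "$2") || { echo unknown; return 0; }
    if [ "$1" = "$latest" ]; then
        echo current
    else
        echo reboot-needed
    fi
}

# Report for this host.
echo "running $(uname -r): $(kernel_status "$(uname -r)" /boot)"
```

A result of "current" only shows that the latest installed kernel is the one running; whether that kernel contains the fix is still decided by the vulnerability checker script.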

