Devastating ‘Dirty Frag’ exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given

Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-li

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals. ","collapsible":{"enabled":true,"maxHeight":250,"readMoreText":"Read more","readLessText":"Read less"}}), "https://slice.vanilla.futurecdn.net/13-4-23/js/authorBio.js"); } else { console.error('%c FTE ','background: #9306F9; color: #ffffff','no lazy slice hydration function available'); } Bruno Ferreira Social Links Navigation Contributor Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.

bit_user Again, this is a local exploit. This should really be stated in the headline, which is too alarmist as written. It's not until the second paragraph that this is mentioned. Yes, it's bad (mainly in terms of being published before patches were fully out, as we've seen plenty of privilege escalation exploits before). However, in the thread about the Copy Fail exploit, we saw that some folks clearly got the impression the vulnerability directly enabled a remote attacker to gain root access, which it didn't. Please take care not to mislead people. I'd suggest the headline should characterize it as a privilege-escalation exploit, which is the usual way of describing them. Reply

chaos215bar2 git clone https://github.com/V4bel/dirtyfrag.git && cd dirtyfrag && gcc -O0 -Wall -o exp exp.c -lutil && ./exp Is Tom's Hardware really sure they want to be recommending people download, build, and run code straight from some Github repository without even bothering to explain who's repository this is? I mean, I'm going to assume this has been vetted and the repository is from a very well trusted source, but telling people to execute code effectively straight from a repository without further vetting doesn't exactly seem like the kind of thing you want to be recommending people do in an article about the second Linux zero day to drop in quick succession. Reply

bit_user chaos215bar2 said: Is Tom's Hardware really sure they want to be recommending people download, build, and run code straight from some Github repository without even bothering to explain who's repository this is? Yeah, I'd say just link the repository. It has a readme which says how to execute it, if that's what someone chooses to do. But, you could also just study the source code by browsing it. Reply

rluker5 I like that Tom's posted a fix. I rarely run Linux, mostly just to occasionally check it out, know almost nothing about it, but would have no problem copy/pasting that line to put myself at ease. Reply

bit_user ThisIsMe said: It’s not limited to local only. It can be remotely executed by any user that has remote access to the Linux device. What the local/remote thing is really meant to distinguish is whether or not you're authenticated . Someone who is not logged in to a machine and doesn't have a way of making an authenticated user execute arbitrary code cannot apply this exploit. ThisIsMe said: This could also affect systems that have other software running on them with possible vulnerabilities that let you execute code within its context. Yes, if there's a remote-access exploit, which grants access or execution privileges to a remote, unauthenticated actor, then they can combine such remote-access or code-execution exploits with privilege-escalation. Reply

JarredWaltonGPU bit_user said: What the local/remote thing is really meant to distinguish is whether or not you're authenticated . Someone who is not logged in to a machine and doesn't have a way of making an authenticated user execute arbitrary code cannot apply this exploit. Yes, if there's a remote-access exploit, which grants access or execution privileges to a remote, unauthenticated actor, then they can combine such remote-access or code-execution exploits with privilege-escalation. Seems like this would be pretty catastrophic in hosted Linux instances, as you could get root on any box. Hopefully the VMs are sandboxed off and can't affect other VMs on the same hardware. Still having full root access to any Linux system where you have an account is pretty bad. And any employee of a company who might be leaving could get root as well. Basically, while it doesn't inherently affect everyone, even a local account hack to get root is terrible and can't really be overstated as a serious issue. IMO Reply

bit_user JarredWaltonGPU said: Seems like this would be pretty catastrophic in hosted Linux instances, as you could get root on any box. Are you talking about gaining root, on the hypervisor? The hypervisor usually isn't Linux, and even with root on the hypervisor, properly-managed servers should use technologies like SEV that prevent the host from being able to see into the tenant VMs. At worst, having root on such a host would mean you can shutdown or de-provision guests, but you can't steal their data (unless using an unmitigated side-channel attack) or login to them. JarredWaltonGPU said: having full root access to any Linux system where you have an account is pretty bad. And any employee of a company who might be leaving could get root as well. The way most professional Linux environments are setup, normal employees only have an account on their local machines, which are not privileged in any way. So, getting root on your desktop won't then enable you to gain root access on a database server or fileserver. JarredWaltonGPU said: even a local account hack to get root is terrible and can't really be overstated as a serious issue. IMO Yes, it can be overstated. Like I said, it's not as if an unauthenticated remote user can directly use this exploit to access a box (root or otherwise). Nor (generally speaking) the other scenarios you outlined. Reply

wakuwaku bit_user said: Again, this is a local exploit. This should really be stated in the headline, which is too alarmist as written. It's not until the second paragraph that this is mentioned. Yes, it's bad (mainly in terms of being published before patches were fully out, as we've seen plenty of privilege escalation exploits before). However, in the thread about the Copy Fail exploit, we saw that some folks clearly got the impression the vulnerability directly enabled a remote attacker to gain root access, which it didn't. Please take care not to mislead people. I'd suggest the headline should characterize it as a privilege-escalation exploit, which is the usual way of describing them. SEO and keeping the AI fed is more important than the well being of Tom's people. Reply

vossile "and unlikely to affect the functioning of the vast majority of servers" I checked several of my servers. Nothing there. This sort of clickbaiting is annoying. Reply

Devastating ‘Dirty Frag’ exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-li

Key considerations

Reference reading

More on this site

Leave a Comment Cancel reply

Key considerations

Reference reading

More on this site

Related posts:

Leave a Comment Cancel reply