The Dirty Pipe Vulnerability (CVE-2022-0847)
Daniel Nashed – 8 March 2022 09:31:51
OMG. Forget about the last vulnerability we had with polkit.
This is really, really bad and so easy to use if you have access to the machine.
Here is an official link -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
And this is the official detailed description from the person who discovered it and how --> https://dirtypipe.cm4all.com/
The good news:
Only kernels >= 5.8 are affected directly.
So if you are a good Domino admin, you did not run your Domino servers with a 5.x kernel, because it is not supported yet ;-)
But still you might have systems running 5.x kernels and you could be affected.
I checked today and I don't see a kernel update for CentOS Stream 9, Ubuntu or PhotonOS yet.
RHEL 8.x is still using a 4.x kernel and is not directly affected.
I updated SUSE Leap 15.3, which is now on kernel 5.3.18. So SUSE Leap is already safe!
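A quick way to sort hosts by the kernel range mentioned above, as an added example that is not part of the original post: it compares the major.minor of a kernel release string (as printed by `uname -r`) with 5.8. The function names and the sample release strings are constructed for illustration, and an `in-range` result only means the distribution's kernel advisory needs checking.

```sh
#!/bin/sh
# Added example, not from the original post.
# Classifies kernel release strings against the ">= 5.8" threshold named in the post.

# kernel_in_range RELEASE -> 0 if major.minor >= 5.8, 1 if lower, 2 if unparseable
kernel_in_range() {
    case $1 in
        [0-9]*.[0-9]*) ;;           # must look like <digits>.<digits>...
        *) return 2 ;;
    esac
    _kr_major=${1%%.*}              # text before the first dot
    _kr_rest=${1#*.}                # text after the first dot
    _kr_minor=${_kr_rest%%[!0-9]*}  # leading digits of the remainder
    case $_kr_major in *[!0-9]*) return 2 ;; esac
    [ -n "$_kr_minor" ] || return 2
    [ "$_kr_major" -gt 5 ] && return 0
    [ "$_kr_major" -eq 5 ] && [ "$_kr_minor" -ge 8 ] && return 0
    return 1
}

# classify_kernel RELEASE -> prints one label for the release
classify_kernel() {
    _ck_rc=0
    kernel_in_range "$1" || _ck_rc=$?
    case $_ck_rc in
        0) echo "in-range" ;;    # >= 5.8: look for the distribution's fixed kernel package
        1) echo "below-5.8" ;;   # older than the affected range given in the post
        *) echo "unparsed" ;;    # do not guess; inspect by hand
    esac
}

# Constructed sample release strings (suffixes are illustrative), plus this host.
for rel in "5.13.0-30-generic" "5.8.0-1-amd64" "5.7.19" "5.3.18-59-default" \
           "4.18.0-348.el8.x86_64" "6.1.0" "unknown" "$(uname -r)"; do
    printf '%-28s %s\n' "$rel" "$(classify_kernel "$rel")"
done
```

The upstream version number does not show what a distribution has backported, so the package changelog or vendor advisory remains the authoritative check.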
Because Max Kellermann already goes into detail about how this happened, I don't need to explain.
It's actually a nice write-up about the history behind it and why he found it.
And I obviously don't need to explain the impact in detail.
I took his sample program and patched a /etc/passwd in seconds -- Oooops!
Personally I would not have posted that program in public.
I hope we are getting a kernel update soon.
-- Daniel