On October 20th, security researchers identified a Linux privilege escalation vulnerability being exploited in the wild. This vulnerability, dubbed DirtyCow, has existed since Kernel version 2.6.22 (released in 2007). There is already exploit proof of concept code available. In essence, to exploit the vulnerability, an attacker needs to be able to write a file to the filesystem and execute it; this vulnerability is also applicable in cases where a web server allows the attacker to upload and execute a file on the system. For more information about the vulnerability, please visit: https://dirtycow.ninja/
Patches already exist on many Linux flavors, and the Information Security Office recommends that you patch ASAP.
As always, the UCLA Information Security Office recommends that users patch their systems as soon as a patch is available. Please contact us at security@ucla.edu with any questions or concerns with regard to this vulnerability.
