Posts

Showing posts from August, 2022

DirtyCred : CVE-2022-2588

Image
  A vulnerability in the Linux kernel that allows data to be overwritten in arbitrary read-only files. Since unprivileged processes can inject code into parent processes, this vulnerability can lead to privilege escalation.  DirtyCred is a kernel exploit concept that exploits the heap memory reuse mechanism to obtain high privilege. This vulnerability is similar to the DirtyPipe  vulnerability ( CVE-2022-0847 ) impacting Linux kernel versions 5.8 and later. The attack includes 3 steps: 1.  Free an in-use unprivileged credential 2. Allocate privileged credentials in the free memory slot by triggering a privileged userspace process such as su, mount, or sshd 3. Operate as a privileged user Exploit in action: 1.      Login to the vulnerable machine and check the kernel version “ uname -a ” {The exploit works on most Centos 8 kernels higher than linux-4.18.0-305.el8 and most ubuntu 20 kernels higher than 5.4.0-87.98 and 5.11.0-37.41} 2.      Check the current user id and /etc/p