DirtyCred : CVE-2022-2588



  • CVE-2022-2588 is a vulnerability in the Linux kernel that allows data to be overwritten in arbitrary read-only files. Since an unprivileged process can inject code into a parent process, this vulnerability can lead to privilege escalation.

  • DirtyCred is a kernel exploitation concept that abuses the kernel's heap memory reuse to obtain high privileges.
  • This vulnerability is similar to the DirtyPipe vulnerability (CVE-2022-0847) impacting Linux kernel versions 5.8 and later.

The attack consists of three steps:

1. Free an in-use unprivileged credential

2. Allocate privileged credentials in the freed memory slot by triggering a privileged userspace process such as su, mount, or sshd

3. Operate as a privileged user


Exploit in action:

1. Log in to the vulnerable machine and check the kernel version with “uname -a” (the exploit works on most CentOS 8 kernels higher than linux-4.18.0-305.el8 and most Ubuntu 20 kernels higher than 5.4.0-87.98 and 5.11.0-37.41).

2. Check the current user id and the /etc/passwd file; note that the current user does not have write permission to /etc/passwd.

3. On your Linux system, copy and save the exp.c exploit code provided here:

            $nano exp.c

4. Compile the C file using gcc:

            $gcc exp.c -o dirtycred -lpthread

5. Run the exploit and wait for it to complete:

            $./dirtycred

6. Now check the /etc/passwd file again and note that the password file is modified (some text is added, and the root account details are modified), indicating that the attack was successful.
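As an added defensive triage example (not from the original post or the Markakd/DirtyCred repository), the kernel-version thresholds from step 1 and the /etc/passwd success indicator from step 6 encoded as checks a defender can run on a host; the accepted password-field values and the sample passwd lines are assumptions.

```python
import re

# Thresholds quoted from the post ("higher than" is taken as strictly greater); only the
# series the post names are encoded, anything else returns False and needs a manual check.
EL8_THRESHOLD = "4.18.0-305.el8"
UBUNTU20_THRESHOLDS = ("5.4.0-87.98", "5.11.0-37.41")

def version_key(version):
    """'5.4.0-88-generic' -> (5, 4, 0, 88): first four numeric components, comparable as tuples."""
    parts = [int(p) for p in re.split(r"[.\-]", version) if p.isdigit()]
    return tuple(parts[:4])

def kernel_in_stated_range(uname_r):
    """True when a `uname -r` string is above the threshold the post lists for its series."""
    key = version_key(uname_r)
    if ".el8" in uname_r:
        return key > version_key(EL8_THRESHOLD)
    for threshold in UBUNTU20_THRESHOLDS:
        t = version_key(threshold)
        if key[:2] == t[:2]:  # match on the 5.4 / 5.11 series
            return key > t
    return False

def passwd_indicators(passwd_text):
    """Flag the tampering the post uses as its success indicator: extra uid-0 accounts,
    password hashes embedded in /etc/passwd, malformed or duplicated entries."""
    findings, seen = [], set()
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {lineno}: malformed entry with {len(fields)} fields")
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if name in seen:
            findings.append(f"line {lineno}: duplicate user {name}")
        seen.add(name)
        if uid == "0" and name != "root":
            findings.append(f"line {lineno}: uid 0 account {name!r} other than root")
        if pw not in ("x", "*", "!", "!!"):  # assumed set of non-hash placeholders
            findings.append(f"line {lineno}: password hash stored in /etc/passwd for {name}")
    return findings

# Constructed sample input, not a real system's file; the hash is a placeholder string.
CLEAN_PASSWD = "root:x:0:0:root:/root:/bin/bash\nuser:x:1000:1000::/home/user:/bin/bash\n"
TAMPERED_PASSWD = "evil:$6$placeholder$FAKEHASH:0:0::/root:/bin/bash\n" + CLEAN_PASSWD
```

On a live host, call kernel_in_stated_range(platform.release()) and passwd_indicators(open("/etc/passwd").read()).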
  

Reference:

https://www.esecurityplanet.com/threats/linux-exploit-dirty-cred/

https://github.com/Markakd/DirtyCred

Thanks for reading 😊

Feel free to point out any mistakes or let me know if there is anything I should add 😊

Keep Learning, Keep growing 😊
