Browse > Article
http://dx.doi.org/10.7236/IJIBC.2022.14.3.17

A study on Dirty Pipe Linux vulnerability  

Tanwar, Saurav (Division of Computer Science & Engineering, Sahmyook Univ.)
Kim, Hee Wan (Division of Computer Science & Engineering, Sahmyook Univ.)
Publication Information
International Journal of Internet, Broadcasting and Communication / v.14, no.3, 2022 , pp. 17-21 More about this Journal
Abstract
In this study, we wanted to examine the new vulnerability 'Dirty Pipe' that is founded in Linux kernel. how it's exploited and what is the limitation, where it's existed, and overcome techniques and analysis of the Linux kernel package. The study of the method used the hmark[1] program to check the vulnerabilities. Hmark is a whitebox testing tool that helps to analyze the vulnerability based on static whitebox testing and automated verification. For this purpose of our study, we analyzed Linux kernel code that is downloaded from an open-source website. Then by analyzing the hmark tool results, we identified in which file of the kernel it exists, cvss level, statistically depicted vulnerabilities on graph which is easy to understand. Furthermore, we will talk about some software we can use to analyze a vulnerability and how hmark software works. In the case of the Dirty Pipe vulnerability in Linux allows non-privileged users to execute malicious code capable of a host of destructive actions including installing backdoors into the system, injecting code into scripts, altering binaries used by elevated programs, and creating unauthorized user profiles. This bug is being tracked as CVE-2022-0847 and has been termed "Dirty Pipe"[2] since it bears a close resemblance to Dirty Cow[3], and easily exploitable Linux vulnerability from 2016 which granted a bad actor an identical level of privileges and powers.
Keywords
Dirty pipe; Dirty cow; Linux vulnerability; CVE-2022-0847; Hmark;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Internet of Things simplified, https://iotcube.net/
2 How To fix the Dirty Pipe Vulnerability in Linux Kernel - CVE-2022-0847, https://thesecmaster.com/how-to-fix-the-dirty-pipe-vulnerability-in-linux-kernel-cve-2022-0847/
3 How To Mitigate CVE-2022-0847 (The Dirty Pipe Vulnerability), https://www.ivanti.com/blog/how-to-mitigate-cve-2022-0847-the-dirty-pipe-vulnerability
4 References to Advisories, Solutions, and Tools, https://nvd.nist.gov/vuln/detail/CVE-2022-0847
5 Dirty Cow, https://www.cs.toronto.edu/~arnold/427/18s/427_18S/indepth/dirty-cow/index.html
6 Secure Software Supply Chain Management, https://iotcube.net/userguide/manual/hmark