0 votes
in Linux by

Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

Note: if you experience crashes or locks, turning off periodic writeback makes exploit stable.
echo 0 > /proc/sys/vm/dirty_writeback_centisecs

LinkUsageDescriptionFamily
------------
[dirtyc0w.c](https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c)`./dirtyc0w file content`Read-only write/proc/self/mem
[cowroot.c](https://gist.github.com/rverton/e9d4ff65d703a9084e85fa9df083c679)`./cowroot`SUID-based root/proc/self/mem
[dirtycow-mem.c](https://gist.github.com/scumjr/17d91f20f73157c722ba2aea702985d2)`./dirtycow-mem`libc-based root/proc/self/mem
[pokemon.c](https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c)`./d file content`Read-only writePTRACE_POKEDATA
[dirtycow.cr](https://github.com/xlucas/dirtycow.cr)`dirtycow --target --string --offset`Read-only write/proc/self/mem
[dirtyc0w.c](https://github.com/timwr/CVE-2016-5195)`./dirtycow file content`Read-only write (Android)/proc/self/mem
[dirtycow.rb](https://github.com/rapid7/metasploit-framework/pull/7476)`use exploit/linux/local/dirtycow` and `run`SUID-based root/proc/self/mem
[0xdeadbeef.c](https://github.com/scumjr/dirtycow-vdso)`./0xdeadbeef`vDSO-based rootPTRACE_POKEDATA
[naughtyc0w.c](https://gist.github.com/mak/c36136ccdbebf5ecfefd80c0f2ed6747)`./c0w suid`SUID-based root/proc/self/mem
[c0w.c](https://gist.github.com/KrE80r/42f8629577db95782d5e4f609f437a54)`./c0w`SUID-based rootPTRACE_POKEDATA
[dirty_pass[...].c](https://gist.github.com/ngaro/05e084ca638340723b309cd304be77b2)`./dirty_passwd_adjust_cow`/etc/passwd based root/proc/self/mem
[mucow.c](https://gist.github.com/chriscz/f1aca56cf15cfb7793db0141c15718cd)`./mucow destination < payload.exe`Read-only write (multi page)PTRACE_POKEDATA
[cowpy.c](https://github.com/nowsecure/dirtycow)`r2pm -i dirtycow`Read-only write (radare2)/proc/self/mem
[dirtycow.fasm](https://github.com/sivizius/dirtycow.fasm)`./main`SUID-based root/proc/self/mem
[dcow.cpp](https://github.com/gbonacini/CVE-2016-5195)`./dcow`/etc/passwd based root/proc/self/mem
[dirtyc0w.go](https://github.com/mengzhuo/dirty-cow-golang/blob/master/dirtyc0w.go)`go run dirtyc0w.go -f=file -c=content`Read-only write/proc/self/mem
[dirty.c](https://github.com/FireFart/dirtycow/blob/master/dirty.c)`./dirty`/etc/passwd based rootPTRACE_POKEDATA
[Dirty COW Tester](https://github.com/sideeffect42/DirtyCOWTester)`make && ./bin/dct`Read-only write/proc/self/mem
[exploit.c](https://github.com/hyln9/VIKIROOT)`./exploit`vDSO-based root (Android)PTRACE_POKEDATA
[cowcron.c](https://github.com/securifera/cowcron)`./cowcron`/etc/cron.hourly based root (RHEL)PTRACE_POKEDATA
    1. List of PoCs

Please log in or register to answer this question.

Welcome to My QtoA, where you can ask questions and receive answers from other members of the community.
...