Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'.
This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild.
Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used.
"The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.
"As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP."
Oester said that he uncovered the exploit for the bug, which has been around since 2007, while examining a server that appeared to have been attacked.
"One of the sites I manage was compromised, and an exploit of this issue was uploaded and executed. A few years ago I started packet capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox," he told V3.
"These rolling packet captures have proved invaluable numerous times. I would recommend this extra security measure to all admins."
The Dirty COW moniker was applied as a descriptive of the security flaw. "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write [COW] breakage of private read-only memory mappings," Red Hat warned in an advisory published today.
"An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
Furthermore, the complexity of the attacks that have been seen in the wild may make it difficult for antivirus and other security software to identify.
"Although the attack can happen in different layers, antivirus signatures that detect Dirty COW could be developed," warned an advisory.
"Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary.
"This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether."
The flaw has been written up in the CVE database.
Computing's Enterprise Security & Risk Management Summit returns on 24 November. Entrance is FREE to qualifying IT leaders and computing professionals, but places are going fast, so register now.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23