Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Linux

The Linux process and session model as part of security alerting and monitoring

The Linux process model, available within Elastic, allows users to write very targeted alerting rules and gain deeper insight into exactly what is happening on their Linux servers and desktops. In this blog, we will provide background on the Linux process model, a key aspect of how Linux workloads are represented.

Linux 'Dirty Pipe' vulnerability: Snyk explains the risk and what you can do to protect your systems

Last week, a critical vulnerability was discovered in Linux. Developer-first security company, Snyk, warns Linux users of the flaw in the Linux kernel that can be exploited by attackers allowing any process to modify files regardless of their permission settings or ownership.

Detecting and responding to Dirty Pipe with Elastic

In recent days, several security vendors have published blogs about the Linux-based exploitation (CVE-2022-0847), also known as Dirty Pipe. The Elastic Security Research team is sharing the first detailed research to help organizations find and alert on the exploitation with Elastic Security products. We are releasing this research so that users can defend themselves, since very little information has been shared on the actual detection of exploitation attempts.

The Dirty Pipe vulnerability: Overview, detection, and remediation

The situation with Dirty Pipe is rapidly evolving. We will update the information in this blog as it is released publicly. On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8.

CVE-2022-0847: "Dirty Pipe" Linux Local Privilege Escalation

Right on the heels of CVE-2022-4092, another local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” by the discoverer. MITRE has designated this as CVE-2022-0847. Similar to the “Dirty COW” exploit (CVE-2016-5195), this flaw abuses how the Kernel manages pages in pipes and impacts the latest versions of Linux.

"Dirty Pipe" Linux vulnerability and your containerized applications (CVE-2022-0847)

Recently, CVE-2022-0847 was created detailing a flaw in the Linux kernel that can be exploited allowing any process to modify files regardless of their permission settings or ownership. The vulnerability has been named “Dirty Pipe” by the security community due to its similarity to “Dirty COW”, a privilege escalation vulnerability reported in CVE-2016-5195, and because the flaw exists in the kernel pipeline implementation.