ISN 2022-04: Dirty Pipe Escalation of Privilege

First published 10th March 2022

CVSS 3.1 Base Score: 8.4 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the Linux kernel, nicknamed "Dirty Pipe", affects the following IGEL products:

• IGEL OS 11

Details

Dirty Pipe (CVE-2022-0847) is a vulnerability that has been found in Linux kernels since version 5.8. It enables an unprivileged local user to write to files that should be writeable for root only. By adding commands to root’s cron jobs or adding lines to the /etc/passwd file, for example, the attacker could escalate privilege and become root on the system.

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.07.100.

Mitigation

This issue can be mitigated by not giving users access to a terminal/virtual console on IGEL OS, which they could use to configure and run the exploit code:

Remove an existing local terminal session:

1. In IGEL Setup, go to Accessories > Terminals.

2. Select a local terminal session you want to delete.

3. Click the trash icon to remove the selected session.

4. When prompted, confirm that you want to delete the session.

5. Click Apply.

Or password-protect the local terminal with the Administrator password:

1. Find the local terminal session under Accessories > Terminals.

2. Follow the instructions under IGEL OS > Versions of IGEL OS > (11.09-en) IGEL OS > (11.09-en) IGEL OS Articles > (11.09-en) Security > (11.09-en) Security IGEL OS Endpoints > (11.09-en) Setting Passwords > (11.09-en) Password-Protecting Sessions and Accessories.

Disable virtual console access:

1. In IGEL Setup, go to User Interface > Display > Access Control.

2. Activate Disable console switching (Default: Console switching enabled)

3. Click Apply.

References

• CVE-2022-0847: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847

• Max Kellerman, “The Dirty Pipe Vulnerability”: https://dirtypipe.cm4all.com