Is RouterOS susceptible to CVE-2016-5195, DirtyCow?
I’d be interested in an statement too.
I suspect it is vulnerable but mitigated by no direct access to the proc file system and everything runs as root anyway.
Dirty Cow is a user rights elevation exploit. You install something, and it raises your user to root privileges.
- RouterOS users are already with root privileges
- You can’t install programs in RouterOS
RouterOS is not affected.
Normis, thank you for the statement. This helps.
If I’m reading this correctly then strictly the statement(s) to use are:
-
- The kernel is vulnerable
- mitigation 1: no known access path exists to exploit the vulnerability
- mitigation 2: privilege escalations are not required because all components of RouterOS run as root already
In other words, people who have added unsupported components to RouterOS which don’t comply with the two mitigations may find that they affected because the root problem is present.
So think of it like this…the vulnerability is present, but it is irrelevant because everything runs as root. The DirtyCOW vulnerability is used to escalate privileges from a non-root user to root. If nothing runs as a non-root user, then there’s really no local accounts that would need to escalate to root. If you’ve somehow managed to add in unsupported code into the ROS platform, and that code runs as a non-root user, then yes, you effectively will have created an attack vector someone could potentially use. In order for them to exploit the vulnerability, though, they need to be logged in as the non-root user, meaning they already have the credentials, or are able to break into the system in some other way.