CVE Series: Dirty Pipe (CVE-2022-0847)

Cybrary
Course

Dirty Pipe (CVE-2022-0847) is the most critical vulnerability to impact Linux distributions in years. By exploiting this local kernel flaw, adversaries can quickly escalate privileges and even gain root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.

Time
1 hour 20 minutes
Difficulty
Intermediate
CEU/CPE
2
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course Content
Module 1: Dirty Pipe Exploitation
Dirty Pipe Introduction and Background
10m
Identifying the Dirty Pipe Vulnerability
10m
Exploiting the Dirty Pipe Vulnerability
30m
Module 2: Dirty Pipe Mitigation

2.1Mitigating the Dirty Pipe Vulnerability

30m
Course Description

Who should take this course?

Our Dirty Pipe (CVE-2022-0847) course is designed for defensive and offensive security professionals. Seasoned penetration testers, red teamers, security and vulnerability analysts, and system administrators will learn how to protect against this critical vulnerability and exploit it in their testing activities. You will need a functional understanding of Linux OS and the command line to practice techniques for exploiting the Dirty Pipe vulnerability with publicly available exploit code.

Why take this course?

The Dirty Pipe vulnerability was publicly disclosed on March 7th, 2022, when a log file corruption problem was identified as a Linux kernel bug. Any Linux kernel since 5.8 is vulnerable to the Dirty Pipe attack, including Android mobile devices. As a result, the Dirty Pipe vulnerability has earned a high CVSS score of 7.8.

Following in the footsteps of other privilege escalation vulnerabilities like the Polkit, and local kernel flaws like Dirty Cow, this newly disclosed Dirty Pipe attack is dangerous and easier for adversaries to exploit. The bug lies in the pipeline where an OS process can transfer data to another. Researchers have found that any user can use an SSH key to quickly escalate privileges and gain root access in minutes. With these privileges, the adversary can do a lot of damage, such as execute ransomware attacks, collect and exfiltrate sensitive data, and destroy assets.

So what can you do about this critical vulnerability? Our course discusses the official patch released by the major Linux distros and what security professionals should consider as more research develops on mitigation strategies. Get hands-on experience exploiting this vulnerability in a secure virtual lab environment and develop the skills you need to protect your environment.

What makes this course different from other courses on similar topics?

After completing this course, you will be able to:

  • Understand the Dirty Pipe vulnerability and its root cause.

  • Identify the Dirty Pipe vulnerability, detect exploits, and determine if your organization is impacted by this Linux kernel flaw.

  • Communicate the potential impact to stakeholders across your organization.

  • Exploit this vulnerability using publicly available exploit code.

  • Execute various mitigation tactics to reduce risk.

  • Remediate this vulnerability on both Linux systems and Android devices.

  • Share effective exploitation and mitigation strategies.

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you've learned.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Dirty Pipe vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against what researchers are saying is one of the most dangerous threats to hit Linux distributions in over five years. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.