Secure and Fix dirty COW Linux Vulnerability

Uncategorized

What is Dirty COW Vulnerability and why its called so ?

Dirty COW vulnerability allows attackers to gain root access to servers and take control over the whole system.A rare condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

What is the CVE-2016-5195 ?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Who found the Dirty COW vulnerability?

Phil Oester

How to check if vulnerability is affected on your server

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

# uname -rv

You’ll see output like this:

Output
4.4.0-42-generic #62-Ubuntu SMP Wed Oct 26 22:10:20 IST 2016

If your version is earlier than the following, you are affected:
– 4.8.0-26.28 for Ubuntu 16.10
– 4.4.0-45.66 for Ubuntu 16.04 LTS
– 3.13.0-100.147 for Ubuntu 14.04 LTS
– 3.2.0-113.155 for Ubuntu 12.04 LTS
– 3.16.36-1+deb8u2 for Debian 8
– 3.2.82-1 for Debian 7
– 4.7.8-1 for Debian unstable

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

# sh rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Output

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
Standard Resolution

The easiest way to protect your computers running Linux is to update your Linux distro to the latest version. You can use the following commands to update your Debian/Ubuntu/Centos and RHEL systems,also you need to reboot after updating it.

Debian/Ubuntu:
# sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

RHEL:
# sudo yum update
# sudo reboot

CentOS:

To update your kernel on CentOS 7, run:
# sudo yum update

There is still no official update of the CentOS 5 and 6 kernel.we’re still waiting on a fix for CentOS 5 and 6. You can use this workaround from the Red Hat bug tracker.

You can find more technical details about the Dirty COW vulnerability and exploit on the bug’s official website dirtycowRedHat site and GitHub page.

 

Facebook Comments