Dirty Cow Vulnerability – Check How Dirty It Is?

dirty-cow-vulnerabilityDirty cow vulnerability mainly affects major Linux Operating Systems. Below is the impact of this vulnerability –

Existing since nine years, the Dirty Cow vulnerability is found in Linux kernel and is privilege escalation vulnerability.  A security expert Phil Oester found this vulnerability that can be present in about every available Linux distribution.

A race condition was found in the way the memory subsystem of Linux kernel handled the copy-on-write (COW) breakage of private read-only-memory mappings. This flaw can be misused by an unprivileged local user to gain write access to other read-only memory mappings and further increase their privileges on the system.

The race condition refers to the electronic, software or other systems’ action where the output is dependent on the sequence or timing of other events that are controllable. This action gets converted into a bug when the events don’t occur in the planned order by the programmer.

It’s possible that an attacker can abuse this for modifying existing setup files with instructions to elevate privileges. It’s been observed that the distributions have been affected by the Dirty Cow vulnerability. The security communities need to deploy trapping devices to entrap the attackers. Also, the owners need to be vigilant about exploitation attempts since this bug doesn’t leave any trace any trace or anomalous logs.

Note:  Be cautious and install a fix for this bug as soon as possible. Simply follow the steps below to ensure your protection –

Check Vulnerability –

Ubuntu/Debian

Check your kernel version in order to find out if your server is affected.

uname –rv

Your Output –

4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is older than those mentioned below, you are affected:

4.8.0-26.28 for Ubuntu 16.10

4.4.0-45.66 for Ubuntu 16.04 LTS

3.13.0-100.147 for Ubuntu 14.04 LTS

3.2.0-113.155 for Ubuntu 12.04 LTS

3.16.36-1+deb8u2 for Debian 8

3.2.82-1 for Debian 7

4.7.8-1 for Debian unstable

Centos

1) First download the script

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

2) Run it with bash:

bash rh-cve-2016-5195_1.sh

3) If you’re vulnerable, you’ll see output like this:

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable

Red Hat recommends that you update your kernel. Alternatively, you can apply

partial mitigation described at

https://access.redhat.com/security/vulnerabilities/2706661

Fix –

Fortunately, applying the fix is straightforward: update your system and reboot your server.

Centos

You can update all of your packages on Centos 5, 6, and 7 with

sudo yum update

But if you only want to update the kernel to address this bug, run

sudo yum update kernel

Ubuntu/Debian

sudo apt-get update && sudo apt-get dist-upgrade

This entry was posted in Dedicated Website Hosting. Bookmark the permalink.