Existing since nine years, the Dirty Cow vulnerability is found in Linux kernel and is privilege escalation vulnerability. A security expert Phil Oester found this vulnerability that can be present in about every available Linux distribution.
A race condition was found in the way the memory subsystem of Linux kernel handled the copy-on-write (COW) breakage of private read-only-memory mappings. This flaw can be misused by an unprivileged local user to gain write access to other read-only memory mappings and further increase their privileges on the system.
The race condition refers to the electronic, software or other systems’ action where the output is dependent on the sequence or timing of other events that are controllable. This action gets converted into a bug when the events don’t occur in the planned order by the programmer.
It’s possible that an attacker can abuse this for modifying existing setup files with instructions to elevate privileges. It’s been observed that the distributions have been affected by the Dirty Cow vulnerability. The security communities need to deploy trapping devices to entrap the attackers. Also, the owners need to be vigilant about exploitation attempts since this bug doesn’t leave any trace any trace or anomalous logs.
Note: Be cautious and install a fix for this bug as soon as possible. Simply follow the steps below to ensure your protection –
Check Vulnerability –
Check your kernel version in order to find out if your server is affected.
Your Output –
If your version is older than those mentioned below, you are affected:
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
1) First download the script
2) Run it with bash:
3) If you’re vulnerable, you’ll see output like this:
Red Hat recommends that you update your kernel. Alternatively, you can apply
partial mitigation described at
Fortunately, applying the fix is straightforward: update your system and reboot your server.
You can update all of your packages on Centos 5, 6, and 7 with
But if you only want to update the kernel to address this bug, run