

Dirty COW Linux Vulnerability



#1 Guest_Justin Thomas_*


Posted 24 October 2016 - 01:28 PM

Vulnerability (CVE-2016-5195)

The Dirty Cow Linux bug



Introduction

A privilege escalation vulnerability being branded as “Dirty Cow” (CVE-2016-5195) was recently discovered and fixed yesterday in the Linux Kernel. It has existed for 11 years, so pretty much every device running Linux is affected (this includes VMs, physical machines, mobile devices, and so on) and, in general, distros from every vendor are affected. Fortunately, most major distributions have already released a fix. However, if you're running an older server, you can follow this tutorial to check and patch your server.

Detect if you are vulnerable!

Debian/Ubuntu

To find out if your server is affected, check your kernel version.
$ uname -rv


You'll see output like this:
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is earlier than the following, you are affected:
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable

CentOS

If you're on CentOS, you can use this script provided by Red Hat to test your server's vulnerability. To do so, first download the script.
wget https://access.redha...-2016-5195_1.sh

Then run it with bash.
bash rh-cve-2016-5195_1.sh

If you're vulnerable, you'll see output like this:
Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.

How to fix the Vulnerability

Fortunately, applying the fix is straightforward: update your system and reboot your server.

Debian/Ubuntu


Update and upgrade your packages using apt-get.
sudo apt-get update && sudo apt-get dist-upgrade

You'll need to reboot your server to apply the changes.
sudo reboot

CentOS
At this time, we're still waiting for Red Hat to release a patched kernel. This tutorial will be updated with instructions on how to secure your CentOS server as soon as possible. In the interim, you can use this workaround 

As always, there are subtleties and potential defenses and configurations which may make this a non-issue for your specific situation, so we’ll leave the assessment up to you – but our general advice is to upgrade your kernels and reboot as soon as possible.

For the curious, here’s the patch from Linus Torvalds.


Updating the Kernel

A kernel upgrade to 3.10.0-327.36.3 is now available via yum update. You can see it at the links below:

http://mirror.centos...86_64/Packages/
http://rhn.redhat.co...-2016-2098.html
http://rhn.redhat.co...-2016-2105.html


You can either initiate a full yum update:

yum update

Alternatively, just update the kernel packages:

yum update "kernel-*"

As this update has just been released, your preferred CentOS yum mirror may not have the update yet. In this case, you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run:

yum clean all
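
The Ubuntu version check from the "Detect if you are vulnerable" section can be scripted. The following is an added example, not part of the original post or any vendor tool. It assumes Ubuntu's convention that the package version is the ABI number from `uname -r` joined with the upload number from `uname -v`, and it keys the post's fixed versions by kernel series; the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example: classify `uname -r` / `uname -v` output against the fixed
# Ubuntu kernel versions listed in the post above.

# Succeeds when version $1 is older than $2 (numeric fields split on . or -).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*} y=${b%%[.-]*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
    done
    return 1
}

# "4.4.0-42-generic" + "#62-Ubuntu SMP ..." -> "4.4.0-42.62"
ubuntu_pkg_version() {
    abi=${1%-*}                  # drop the flavour suffix (-generic, ...)
    upload=${2#\#}               # drop the leading '#'
    upload=${upload%%[!0-9]*}    # keep only the upload number
    case "$abi.$upload" in
        *[!0-9.-]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*-[0-9]*.[0-9]*) printf '%s\n' "$abi.$upload" ;;
        *) return 1 ;;
    esac
}

# Fixed versions from the post, keyed by kernel series (assumption: each
# Ubuntu release named in the post ships that series as its stock kernel).
fixed_for() {
    case $1 in
        4.8.0-*)  echo 4.8.0-26.28 ;;     # Ubuntu 16.10
        4.4.0-*)  echo 4.4.0-45.66 ;;     # Ubuntu 16.04 LTS
        3.13.0-*) echo 3.13.0-100.147 ;;  # Ubuntu 14.04 LTS
        3.2.0-*)  echo 3.2.0-113.155 ;;   # Ubuntu 12.04 LTS
        *) return 1 ;;
    esac
}

# Prints "vulnerable", "patched" or "unknown" (non-Ubuntu or unlisted series).
dirtycow_status() {
    case $2 in *-Ubuntu*) ;; *) echo unknown; return 0 ;; esac
    pkg=$(ubuntu_pkg_version "$1" "$2") || { echo unknown; return 0; }
    fixed=$(fixed_for "$pkg") || { echo unknown; return 0; }
    if version_lt "$pkg" "$fixed"; then echo vulnerable; else echo patched; fi
}

dirtycow_status "$(uname -r)" "$(uname -v)"
```

A result of "patched" only reflects the running kernel, so a system that has installed the update but not yet rebooted will still report "vulnerable".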





