Announcement

Collapse
No announcement yet.

How to Fix Dirty COW Linux Kernel Vulnerability Bug?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gmbexpert2020
    replied

    This bug demonstrates the importance of patch auditing in the security ... Related: "Dirty COW" Linux Kernel Exploit Seen in the Wild.

    Leave a comment:


  • How to Fix Dirty COW Linux Kernel Vulnerability Bug?



    A week ago an extreme vulnerability in the Linux kernel, the alleged Dirty COW, was accounted for. Our enthusiastic Linux kernel team quickly resolved the issues and could fix it in less than 24 hours on nearly all of our servers. Furthermore, we figured out how to do this without server reboot and we stayed away from the downtime that usually results from such kernel revised activities. To find out more about the vulnerability and how we dealt with it read below.

    What is Dirty COW vulnerability?

    Dirty COW (CVE-2016-5195) is known as a "privilege escalation bug" in the Linux Kernel. The Dirty Cow bug was firstly announced nine years back and has been sitting overlooked for quite a bit of that time.

    The Dirty COW vulnerability allows attackers to get root access to web servers and take control over the complete system. The security gap was identified by researcher Phil Oester, who discovered a contest condition in the way the Linux kernel's memory subsystem manages copy-on-write (COW) breakages of private read-only memory mappings. Attackers may use this to get write access in place of read-only mappings and in this way take control over entire systems.

    The bug is as of now fixed on a few of the Linux versions, including Ubuntu, Red Hat and Debian. In any case, for a huge number of different devices that run Linux, especially surrounded versions of the operating system, the patch will be tough to apply and possibly nonexistent.

    For further technical information, you can check the following.

    According to the reports, Linux distro versions are vulnerable as mentioned below.
    • Red Hat Enterprise Linux 7.x
    • Red Hat Enterprise Linux 6.x
    • Red Hat Enterprise Linux 5.x
    • CentOS Linux 7.x
    • CentOS Linux 6.x
    • CentOS Linux 5.x
    • Ubuntu Linux precise (LTS 12.04)
    • Ubuntu Linux trusty
    • Ubuntu Linux xenial (LTS 16.04)
    • Ubuntu Linux yakkety
    • Ubuntu Linux vivid/ubuntu-core
    • Debian Linux wheezy
    • Debian Linux jessie
    • Debian Linux stretch
    • Debian Linux sid
    • SUSE Linux Enterprise 11 and 12.
    • Openwrt



    Note: The mentioned list as above is not a complete list but fairly a list of the most popular Linux distros.

    How to check Dirty COW vulnerability?

    Ubuntu/Debian

    To find out if your server is affected, check your kernel version.

    uname -rv
    You will see output like this:
    4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
    If you are using earlier version than the following, you are affected:
    • 4.8.0-26.28 for Ubuntu 16.10
    • 4.4.0-45.66 for Ubuntu 16.04 LTS
    • 3.13.0-100.147 for Ubuntu 14.04 LTS
    • 3.2.0-113.155 for Ubuntu 12.04 LTS
    • 3.16.36-1+deb8u2 for Debian 8
    • 3.2.82-1 for Debian 7
    • 4.7.8-1 for Debian unstable



    CentOS

    Few versions of CentOS can use this script provided by RedHat for RHEL to test your server's vulnerability. To try it, first download the script.
    wget
    Then run it with bash.
    bash rh-cve-2016-5195_1.sh
    If you're vulnerable, you will see output like this:
    Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
    Red Hat recommends that you update your kernel. Alternatively, you can apply partial mitigation described at https://access.redhat.com/security/v...lities/2706661.

    How to Fix Dirty COW Vulnerability?

    Fortunately, applying the fix is straightforward: update your system and reboot your server.

    Ubuntu/Debian

    Update and upgrade your packages using apt-get.
    sudo apt-get update && sudo apt-get dist-upgrade
    Note: On older versions of Ubuntu, like 14.04, you'll also need to select the GrubLoader kernel. To do this, go to the control panel, click on the server you want to update. Then, click Kernel in the menu on the left and choose the GrubLoader kernel.

    Finally, you have to reboot your server to apply the changes.
    sudo reboot
    CentOS

    Right now, we're still waiting on a fix for CentOS 5 and 6. In the interim, you can use this workaround from the Red Hat bug tracker.

    To update your kernel on CentOS 7, run:
    sudo yum update
    Then, reboot your server.
    sudo reboot
    If you find any difficulty with this, please feel free to get in touch with us via. Live chat or email.
Working...
X