How to fix Dirty Cow vulnerability in CentOS, RedHat, Ubuntu, Debian, CloudLinux and OpenSuse Linux servers<\/p>\n
Dirty COW vulnerability was first discovered a decade ago and has been present in Linux kernel versions from 2.6.22, which was released in 2007.<\/p>\n
But the vulnerability gained attention only recently when hackers started exploiting it. This has led to the release of this bug as CVE-2016-5195 on October 19th, 2016.
\nWhat is Dirty Cow vulnerability (CVE-2016-5195)?<\/p>\n
CVE-2016-5195 aka \u201cDirty COW vulnerability\u201d involves a privilege escalation exploit which affects the way memory operations are handled.<\/p>\n
Since the feature that is affected by this bug is the copy-on-write (COW) mechanism in Linux kernel for managing \u2018dirty\u2019 memory pages, this vulnerability is termed \u2018Dirty COW\u2019.<\/p>\n
Misusing this flaw in kernel, an unprivileged local user can escalate his privileges in the system and thus gain write access on read-only memory updates.<\/p>\n
Using this privilege escalation, local users can write to any file that they can read. Any malicious application or user can thus tamper with critical read-only root-owned files.
\nIs Dirty Cow vulnerability (CVE-2016-5195) critical?<\/p>\n
Dirty COW vulnerability affects the Linux kernel. Most open-source operating systems such as RedHat, Ubuntu, Fedora, Debian, etc. are based over Linux kernel.<\/p>\n
As a result, this vulnerability is a \u2018High\u2019 priority one as it can affect a huge percentage of servers running over Linux and Android kernels.<\/p>\n
CVE-2016-5195 exploit can be misused by malicious users who are provided with shell access in Linux servers. They can gain root access and attack other users.<\/p>\n
When combined with other attacks such as SQL injection, this privilege escalation attack can even mess up the entire data in these servers, which makes it a critical one.
\nAre you servers affected by Dirty Cow exploit?<\/p>\n
If your server or VM or container is hosted with any of these OS versions, then they are vulnerable:<\/p>\n
Red Hat Enterprise Linux 7.x, 6.x and 5.x<\/p>\n
CentOS Linux 7.x, 6.x and 5.x<\/p>\n
Debian Linux wheezy, jessie, stretch and sid<\/p>\n
Ubuntu Linux precise (LTS 12.04), trusty, xenial (LTS 16.04), yakkety and vivid\/ubuntu-core<\/p>\n
SUSE Linux Enterprise 11 and 12<\/p>\n
For more information about mitigating yourself against Dirty cow, please see:<\/p>\n
https:\/\/bobcares.com\/blog\/dirty-cow-vulnerability\/<\/p>\n
Credit to Reeshma Mathews from bobcares.com for this <\/p>\n","protected":false},"excerpt":{"rendered":"
How to fix Dirty Cow vulnerability in CentOS, RedHat, Ubuntu, Debian, CloudLinux and OpenSuse Linux servers Dirty COW vulnerability was first discovered a decade ago and has been present in Linux kernel versions from 2.6.22, which was released in 2007. … Continue reading