The Dirty Cow vulnerability mainly affects major Linux operating systems. Below is the impact of this vulnerability –
The Dirty Cow vulnerability is a privilege escalation vulnerability in the Linux kernel that existed for nine years. Security expert Phil Oester found this vulnerability, which can be present in about every available Linux distribution.
A race condition was found in the way the memory subsystem of the Linux kernel handled the copy-on-write (COW) breakage of private read-only memory mappings. This flaw can be misused by an unprivileged local user to gain write access to otherwise read-only memory mappings and so increase their privileges on the system.
A race condition is behaviour of an electronic, software, or other system where the output depends on the sequence or timing of other events that are controllable. It becomes a bug when the events don’t occur in the order the programmer planned.
An attacker can abuse this to modify existing setup files with instructions to elevate privileges. It’s been observed that the distributions affected by the Dirty Cow vulnerability. The security communities need to deploy trapping devices to entrap the attackers.
Also, owners need to be vigilant about exploitation attempts, since this bug doesn’t leave any trace or anomalous logs.
Note: Be cautious and install a fix for this bug as soon as possible. Simply follow the steps below to ensure your protection –
Check Vulnerability –
Ubuntu/Debian
Check your kernel version to find out whether your server is affected.
uname -rv
Your Output –
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
If your version is older than those listed below, your server is affected:
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
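The comparison above can be scripted. The following is an added example, not part of the original page: it covers the Ubuntu entries only, rebuilds the package version from the uname -rv string (release 4.4.0-42-generic with build field #62-Ubuntu is package 4.4.0-42.62) and compares it with the fixed version for the same kernel series. The function names are hypothetical, and matching a kernel to a list entry by its series is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether an Ubuntu
# `uname -rv` string is older than the fixed kernels listed above.

# First fixed "ABI UPLOAD" pair per kernel series, taken from the page's
# list (e.g. 4.4.0-45.66 -> series 4.4.0, ABI 45, upload 66).
# Assumption: the running kernel is matched to a list entry by its series.
fixed_for_series() {
  case "$1" in
    4.8.0)  echo "26 28" ;;    # Ubuntu 16.10
    4.4.0)  echo "45 66" ;;    # Ubuntu 16.04 LTS
    3.13.0) echo "100 147" ;;  # Ubuntu 14.04 LTS
    3.2.0)  echo "113 155" ;;  # Ubuntu 12.04 LTS
    *) return 1 ;;
  esac
}

# Prints "vulnerable", "patched" or "unknown" for one `uname -rv` string.
# Runs in a subshell so its variables do not leak into the caller.
check_ubuntu_kernel() (
  rel=${1%% *}                      # 4.4.0-42-generic
  ver=${1#* }                       # #62-Ubuntu SMP Fri Oct 7 ...
  series=${rel%%-*}                 # 4.4.0
  abi=${rel#*-}; abi=${abi%%-*}     # 42
  case "$ver" in
    \#[0-9]*Ubuntu*) ;;             # upload number must be present
    *) echo unknown; exit 0 ;;      # not an Ubuntu kernel build string
  esac
  upload=${ver#?}; upload=${upload%%[!0-9]*}   # 62
  case "$abi" in
    ''|*[!0-9]*) echo unknown; exit 0 ;;
  esac
  fixed=$(fixed_for_series "$series") || { echo unknown; exit 0; }
  fabi=${fixed% *}; fup=${fixed#* }
  # Package version is SERIES-ABI.UPLOAD: compare ABI first, then upload.
  if [ "$abi" -lt "$fabi" ] ||
     { [ "$abi" -eq "$fabi" ] && [ "$upload" -lt "$fup" ]; }; then
    echo vulnerable
  else
    echo patched
  fi
)

check_ubuntu_kernel "$(uname -rv)"
```

A result of "unknown" means the kernel series is not in the list above or the string is not an Ubuntu build string, so the script gives no verdict for it.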
CentOS
- First download the script:
wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
- Run it with bash:
bash rh-cve-2016-5195_1.sh
- If you’re vulnerable, you’ll see output like this:
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable
Red Hat recommends that you update your kernel. Alternatively, you can apply
partial mitigation described at
Fix – Fortunately, applying the fix is straightforward: update your system and reboot your server.
CentOS – You can update all of your packages on CentOS 5, 6, and 7 with
sudo yum update
But if you only want to update the kernel to address this bug, run
sudo yum update kernel
Ubuntu/Debian
sudo apt-get update && sudo apt-get dist-upgrade