Dirty Cow Vulnerability – Check How Dirty It Is?

November 16, 2016 / General Discussion

The Dirty Cow vulnerability affects most major Linux operating systems. Its impact is described below –

The Dirty Cow vulnerability is a privilege escalation vulnerability in the Linux kernel that has existed for nine years. Security expert Phil Oester found this vulnerability, which can be present in nearly every available Linux distribution.

A race condition was found in the way the memory subsystem of the Linux kernel handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and so increase their privileges on the system.

A race condition is the behaviour of an electronic, software, or other system where the output depends on the sequence or timing of other events that are controllable. It becomes a bug when the events don’t occur in the order the programmer planned.

An attacker can abuse this to modify existing setup files with instructions to elevate privileges. It’s been observed that the distributions are affected by the Dirty Cow vulnerability. The security communities need to deploy trapping devices to entrap the attackers.

Owners also need to be vigilant about exploitation attempts, since this bug doesn’t leave any trace or anomalous logs.

Note:  Be cautious and install a fix for this bug as soon as possible. Simply follow the steps below to ensure your protection –

Check Vulnerability –

Ubuntu/Debian

Check your kernel version to find out whether your server is affected.

uname -rv

Your Output –

4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is older than those listed below, you are affected:

4.8.0-26.28 for Ubuntu 16.10

4.4.0-45.66 for Ubuntu 16.04 LTS

3.13.0-100.147 for Ubuntu 14.04 LTS

3.2.0-113.155 for Ubuntu 12.04 LTS

3.16.36-1+deb8u2 for Debian 8

3.2.82-1 for Debian 7

4.7.8-1 for Debian unstable
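The Ubuntu comparison described above, as an added example that is not part of the original article: it converts `uname -rv` output into the package-version form used in the list and compares it numerically. The function names are hypothetical and the release number is passed in by hand. Debian is left out because versions such as 3.16.36-1+deb8u2 need dpkg's own comparison rules (`dpkg --compare-versions`).

```shell
#!/bin/sh
# Added example (not from the article). Assumes Ubuntu's uname layout:
# release "<upstream>-<ABI>-<flavour>", version "#<upload>-Ubuntu ...".

# Fixed package version per Ubuntu release, copied from the list above.
fixed_version() {
  case "$1" in
    16.10) echo "4.8.0-26.28" ;;
    16.04) echo "4.4.0-45.66" ;;
    14.04) echo "3.13.0-100.147" ;;
    12.04) echo "3.2.0-113.155" ;;
    *) return 1 ;;
  esac
}

# "4.4.0-42-generic #62-Ubuntu SMP ..." -> package version "4.4.0-42.62".
running_version() {
  printf '%s\n' "$1" | sed -nE \
    's/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+)-[^ ]+ #([0-9]+)[^ ]*-Ubuntu .*$/\1.\2/p'
}

# Succeeds when version $1 is numerically older than $2, field by field
# (a plain string comparison would rank 98 above 100).
older_than() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, /[.-]/); split(b, y, /[.-]/)
    for (i = 1; i <= n; i++)
      if (x[i] + 0 != y[i] + 0) exit !(x[i] + 0 < y[i] + 0)
    exit 1
  }'
}

# check_dirtycow "<uname -rv output>" "<Ubuntu release>"
# Prints vulnerable, patched or unknown for the kernel that is running.
check_dirtycow() {
  run=$(running_version "$1")
  fix=$(fixed_version "$2") || { echo unknown; return 0; }
  [ -n "$run" ] || { echo unknown; return 0; }
  # A different upstream series (for example a backported kernel) is not
  # covered by the list, so do not guess.
  [ "${run%%-*}" = "${fix%%-*}" ] || { echo unknown; return 0; }
  if older_than "$run" "$fix"; then echo vulnerable; else echo patched; fi
}

# Sample input: the uname output shown in this article, taken as Ubuntu 16.04.
check_dirtycow "4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016" 16.04
```

On a live host the two arguments would be "$(uname -rv)" and "$(lsb_release -rs)". The result describes the running kernel, so it only changes once the updated kernel has been booted.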

Centos

  1. First download the script
    wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
  2. Run it with bash:
    bash rh-cve-2016-5195_1.sh
  3. If you’re vulnerable, you’ll see output like this:

    Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable
    Red Hat recommends that you update your kernel. Alternatively, you can apply
    partial mitigation described at

Fix –

Fortunately, applying the fix is straightforward: update your system and reboot your server.

Centos

You can update all of your packages on Centos 5, 6, and 7 with

    sudo yum update

But if you only want to update the kernel to address this bug, run

    sudo yum update kernel

Ubuntu/Debian

    sudo apt-get update && sudo apt-get dist-upgrade