What is Dirty COW vulnerability and how to fix it?

https://gcn.com

 

Introduction:

On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time β€” at least since 2007, with kernel version 2.6.22 β€” so the vast majority of servers are at risk.

Dirty Cow works by creating a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings. This race condition can allow an unprivileged local user to gain write access to read-only memory mappings and, in turn, increase their privileges on the system.

Copy-on-write is a technique that allows a system to efficiently duplicate or copy a resource which is subject to modification. If a resource is copied but not modified, there’s no need to create a new resource; the resource can be shared between the copy and the original. In case of a modification, a new resource is created.

 

Check Vulnerability:

Ubuntu/Debian:

 

uname -rv 

You’ll see output like this:

4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is earlier than the following, than your server is affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable

CentOS:

Download the below script and run in the server:

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable. 
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Fix Vulnerability:

On Ubuntu and Debian, upgrade your packages using apt-get.

  • sudo apt-get update && sudo apt-get dist-upgrade

You can update all of your packages on CentOS 5, 6, and 7 with sudo yum update, but if you only want to update the kernel to address this bug, run:

  • sudo yum update kernel

After updating kernel, reboot the server ( Execute reboot in the server).

Thank you.

My name is Shashank Shekhar. I am a Software Engineer, currently working in one of the leading web-hosting companies in India. I am having 2 years of experience in Linux Server Administration.

I love to work in Linux environment & love learning new things.

Powered by Facebook Comments

2 Comments

  1. Hi there this is kinda of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML.
    I’m starting a blog soon but have no coding know-how so
    I wanted to get guidance from someone with experience.
    Any help would be enormously appreciated!

    • Hi,
      Thanks you for your reply.
      I am using CMS for my blog. If you would like to create a blog, then you can do this by installing a CMS (WordPress, Joomla, Drupal, etc.) in your site and make your post (As this is a easy way, you do need to have a knowledge of coding.) You can also use different theme for your site to make the look the site impressive. I am not using WYSIWYG editor. I simply write the post in plain text and make the post. Let me know if you have any query. πŸ™‚

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.