How to fix Dirty Cow vulnerability in CentOS, RedHat, Ubuntu, Debian, CloudLinux and OpenSuse Linux servers
Dirty COW vulnerability was first discovered a decade ago and has been present in Linux kernel versions from 2.6.22, which was released in 2007.
But the vulnerability gained attention only recently when hackers started exploiting it. This has led to the release of this bug as CVE-2016-5195 on October 19th, 2016.
What is Dirty Cow vulnerability (CVE-2016-5195)?
CVE-2016-5195 aka “Dirty COW vulnerability” involves a privilege escalation exploit which affects the way memory operations are handled.
Since the feature that is affected by this bug is the copy-on-write (COW) mechanism in Linux kernel for managing ‘dirty’ memory pages, this vulnerability is termed ‘Dirty COW’.
Misusing this flaw in kernel, an unprivileged local user can escalate his privileges in the system and thus gain write access on read-only memory updates.
Using this privilege escalation, local users can write to any file that they can read. Any malicious application or user can thus tamper with critical read-only root-owned files.
Is Dirty Cow vulnerability (CVE-2016-5195) critical?
Dirty COW vulnerability affects the Linux kernel. Most open-source operating systems such as RedHat, Ubuntu, Fedora, Debian, etc. are based over Linux kernel.
As a result, this vulnerability is a ‘High’ priority one as it can affect a huge percentage of servers running over Linux and Android kernels.
CVE-2016-5195 exploit can be misused by malicious users who are provided with shell access in Linux servers. They can gain root access and attack other users.
When combined with other attacks such as SQL injection, this privilege escalation attack can even mess up the entire data in these servers, which makes it a critical one.
Are you servers affected by Dirty Cow exploit?
If your server or VM or container is hosted with any of these OS versions, then they are vulnerable:
Red Hat Enterprise Linux 7.x, 6.x and 5.x
CentOS Linux 7.x, 6.x and 5.x
Debian Linux wheezy, jessie, stretch and sid
Ubuntu Linux precise (LTS 12.04), trusty, xenial (LTS 16.04), yakkety and vivid/ubuntu-core
SUSE Linux Enterprise 11 and 12
First step to do is to check your OS flavor and to know your Linux kernel version, using the ‘uname’ command:
Here, the OS is Ubuntu and kernel version is 3.13.0-24-generic.
If the kernel version displayed in your server is earlier than these patched versions, your server is vulnerable:
- 4.8.0-26.28 for Ubuntu 16.10
- 4.4.0-45.66 for Ubuntu 16.04 LTS
- 3.13.0-100.147 for Ubuntu 14.04 LTS
- 3.2.0-113.155 for Ubuntu 12.04 LTS
- 3.16.36-1+deb8u2 for Debian 8
- 3.2.82-1 for Debian 7
- 4.7.8-1 for Debian unstable
How to protect your servers from Dirty Cow bug
Dirty COW privilege escalation vulnerability in the Linux kernel has been acknowledged and patch has been already released for the kernel.
Some major OS vendors have released the security patches for their OS versions. So, the immediate fix is to update the software in your servers.
If your server is configured for automatic software updates, the server would have already got the new patch installed.
But for the installed updates to come into effect, you will have to reboot the server.
Most live servers disable automatic updates due to the fear of mess-ups. In such cases, you have to manually update the OS to the secure version.
Bobcares provides Outsourced Hosting Support and Outsourced Server Management for online businesses. Our services include Hosting Support Services, server support, help desk support, live chat support and phone support.