How to fix the Magento Dirty COW vulnerability alert!
Are you a website owner? Do you have a Magento shopping cart on your site? Is your server running an insecure version of the Linux kernel?
If the answers to these questions are ‘yes’, then you will be seeing a ‘Dirty COW vulnerability’ alert in your Magento admin dashboard.
What is the Magento Dirty COW vulnerability alert?
Magento is an open source shopping cart software that currently holds a 29.1% market share. Magento sites mostly run on Linux servers.
Since the Dirty COW vulnerability is a bug in the Linux kernel, it affects all servers that run Linux OS flavors such as Red Hat, Ubuntu, CentOS, etc.
Website owners who manage the Magento cart see this message when they log in to the admin portal as the ‘admin’ user at http://magento-site.com:8096/admin/:
'Latest Message: Dirty COW Linux OS Vulnerability – 10/25/2016 Read details'
Why is the Magento Dirty COW warning critical?
Further inspection of this alert message shows that it is a critical warning, and that the solution is to update the OS on your server to a secure kernel version without delay.
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel that can allow a local user to gain root access to the server.
By exploiting a race condition in the way the kernel handles memory operations, an attacker can execute malicious code and compromise the whole server.
If your website has a Magento store set up for online transactions, attackers can steal confidential information such as credit card details once they gain root access.
As the Dirty COW vulnerability allows hackers to obtain superuser privileges on the server and do anything on it, this is a critical vulnerability that has to be fixed without delay.
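After the OS update, one way to confirm that the kernel actually running records the CVE-2016-5195 fix is to search its package changelog, since distributions backport fixes without changing the base version number. This script is an added example, not part of the original post; the function names are hypothetical, the changelog locations (RPM database, Debian/Ubuntu doc directory) are assumptions, and the sample changelog entry is constructed.

```shell
#!/bin/sh
# Added example: does the kernel that is actually running carry the
# CVE-2016-5195 fix according to its package changelog? Checking the
# package for $(uname -r) also catches "updated but not yet rebooted".
CVE_ID="CVE-2016-5195"

# Classify changelog text read from stdin.
classify_changelog() {
    if grep -q -i -e "$CVE_ID"; then
        echo "fix-recorded"
    else
        echo "not-recorded"   # may also mean a truncated changelog
    fi
}

# Emit the changelog of the package that owns the running kernel.
# Assumed locations: the RPM database, or the Debian/Ubuntu doc directory.
running_kernel_changelog() {
    rel=$(uname -r)
    deb="/usr/share/doc/linux-image-$rel/changelog.Debian.gz"
    if command -v rpm >/dev/null 2>&1 && rpm -q "kernel-$rel" >/dev/null 2>&1; then
        rpm -q --changelog "kernel-$rel"
    elif [ -r "$deb" ]; then
        gzip -dc "$deb"
    else
        return 1
    fi
}

# Report on the live system; "not-recorded" is a prompt to check the
# vendor advisory, not proof that the kernel is vulnerable.
dirtycow_check() {
    if log=$(running_kernel_changelog); then
        status=$(printf '%s\n' "$log" | classify_changelog)
    else
        status="no-changelog"
    fi
    echo "kernel $(uname -r): $status"
}

# Constructed sample changelog entry, for an offline demonstration.
SAMPLE='* Thu Oct 20 2016 Example Packager <pkg@example.invalid>
- [mm] backported fix for CVE-2016-5195'

echo "sample: $(printf '%s\n' "$SAMPLE" | classify_changelog)"
dirtycow_check
```

A result of `not-recorded` or `no-changelog` means the changelog could not confirm the fix, so compare the running kernel against your distribution's advisory for CVE-2016-5195.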
To know more about the vulnerability and the OS versions that are affected, read our post on the Dirty COW vulnerability.