Dirty COW – Vulnerability Fix

Dirty COW [ CVE-2016-5195 ]

COW -> Copy – On – Write


Dirty COW is actually an old vulnerability that has resurfaced after 10 long years. The issue was first identified by Linus Torvalds, and patching it proved difficult. It is a privilege-escalation vulnerability, in which a normal user on the server can gain root-level privileges. Almost all Linux flavors have this issue because the Linux kernel itself is affected, so an installed malicious app can get root-level access and read all the data on your server.

The following Red Hat products are affected:

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise MRG 2
Red Hat Openshift Online v2
Red Hat Virtualization (RHEV-H/RHV-H)

To check whether your Red Hat version is affected:

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_3.sh
chmod 755 rh-cve-2016-5195_3.sh
src]#./rh-cve-2016-5195_3.sh
Your kernel is 2.6.32-431.el6.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Ubuntu kernels earlier than the following versions are affected:

4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS


Amazon OS:

Amazon has patched all of its kernel versions for Dirty COW. The patched versions are given below:

x86_64:
kernel-tools-devel-4.4.23-31.54.amzn1.x86_64
kernel-4.4.23-31.54.amzn1.x86_64
kernel-tools-debuginfo-4.4.23-31.54.amzn1.x86_64
perf-debuginfo-4.4.23-31.54.amzn1.x86_64
kernel-devel-4.4.23-31.54.amzn1.x86_64
kernel-tools-4.4.23-31.54.amzn1.x86_64
perf-4.4.23-31.54.amzn1.x86_64
kernel-debuginfo-4.4.23-31.54.amzn1.x86_64
kernel-headers-4.4.23-31.54.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.4.23-31.54.amzn1.x86_64

i686:
kernel-4.4.23-31.54.amzn1.i686
kernel-devel-4.4.23-31.54.amzn1.i686
kernel-tools-debuginfo-4.4.23-31.54.amzn1.i686
kernel-tools-devel-4.4.23-31.54.amzn1.i686
kernel-debuginfo-common-i686-4.4.23-31.54.amzn1.i686
perf-4.4.23-31.54.amzn1.i686
kernel-debuginfo-4.4.23-31.54.amzn1.i686
perf-debuginfo-4.4.23-31.54.amzn1.i686
kernel-tools-4.4.23-31.54.amzn1.i686
kernel-headers-4.4.23-31.54.amzn1.i686

FIX:

You can fix this either by upgrading to the patched kernel or by removing all the packages marked as rc by dpkg:

# dpkg --list | grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge

However, UROLIME recommends upgrading the installed kernel to the latest stable release. You might need to reboot your server after the kernel upgrade.

Red Hat/CentOS:
yum update kernel
Ubuntu:
apt-get install linux-generic
Amazon:
yum update kernel

Below are the steps we used on one of our Ubuntu servers.

root@ip-172-31-3-253:~# uname -rv
3.13.0-92-generic #139-Ubuntu SMP Tue Jun 28 20:42:26 UTC 2016
apt-get update
apt-get install linux-generic
reboot
root@ip-172-31-3-253:~# uname -rv
3.13.0-100-generic #147-Ubuntu SMP Tue Oct 18 16:48:51 UTC 2016
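
The before/after check above can be automated. The following is an added example, not part of the original post: it converts `uname -rv` output into an Ubuntu kernel package version and compares it with the fixed versions listed on this page. The function names are hypothetical, and the mapping from `uname -rv` to a package version (ABI number from the release string, upload number after the `#`) is an assumption about Ubuntu's kernel naming.

```shell
# Fixed Ubuntu kernel package versions, copied from the list on this page.
FIXED_VERSIONS="4.8.0-26.28 4.4.0-45.66 3.13.0-100.147 3.2.0-113.155"

# Assumption: "3.13.0-92-generic #139-Ubuntu SMP ..." corresponds to the
# package version "3.13.0-92.139". Prints nothing if the input does not match.
pkg_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+)[^ ]* #([0-9]+).*/\1.\2/p'
}

# Exit 0 when version $1 is older than $2, comparing numeric fields in order.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Print "vulnerable", "patched" or "unknown" for one `uname -rv` string.
dirtycow_status() {
    ver=$(pkg_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    for fixed in $FIXED_VERSIONS; do
        # Only compare against the fixed version of the same kernel series.
        if [ "${ver%%-*}" = "${fixed%%-*}" ]; then
            if version_lt "$ver" "$fixed"; then
                echo vulnerable
            else
                echo patched
            fi
            return
        fi
    done
    echo unknown   # kernel series not covered by the list on this page
}

# The two `uname -rv` outputs shown on this page, before and after the upgrade.
dirtycow_status "3.13.0-92-generic #139-Ubuntu SMP Tue Jun 28 20:42:26 UTC 2016"
dirtycow_status "3.13.0-100-generic #147-Ubuntu SMP Tue Oct 18 16:48:51 UTC 2016"
```

On a live host, run `dirtycow_status "$(uname -rv)"` after the reboot, since the result reflects the running kernel rather than the installed packages.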
