Introduction : On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time at least since 2007, with kernel version 2.6.22 so the vast majority of servers are at risk.
Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. More information can be found on CVE-2016-5195 from Canonical, Red Hat, and Debian.
Fortunately, most major distributions have already released a fix. So, if you’re running an older server, you can follow this tutorial to check and patch your server.
Check Vulnerability :
Ubuntu/Debian
To find out if your server is affected, check your kernel version.
# uname -rv
You’ll see output like this:
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
If your version is earlier than the following, you are affected:
- 4.8.0-26.28 for Ubuntu 16.10
- 4.4.0-45.66 for Ubuntu 16.04 LTS
- 3.13.0-100.147 for Ubuntu 14.04 LTS
- 3.2.0-113.155 for Ubuntu 12.04 LTS
- 3.16.36-1+deb8u2 for Debian 8
- 3.2.82-1 for Debian 7
- 4.7.8-1 for Debian unstable
CentOS
If you’re on CentOS, you can use this script provided by RedHat to test your server’s vulnerability. To do so, first download the script.
wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Then run it with bash.
# bash rh-cve-2016-5195_1.sh
If you’re vulnerable, you’ll see output like this:
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable. Red Hat recommends that you update your kernel. Alternatively, you can apply partial mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
Fix Vulnerability
Fortunately, applying the fix is straightforward: update your system and reboot your server.
Ubuntu/Debian
Update and upgrade your packages using apt-get.
# sudo apt-get update && sudo apt-get dist-upgrade
You’ll need to reboot your server to apply the changes.
# sudo reboot
CentOS
Right now, we’re still waiting on a fix for CentOS 5. In the interim, you can use this workaround from the Red Hat bug tracker.
To update your kernel on CentOS 6 and 7, run:
# sudo yum update
Finally, you’ll need to reboot your server to apply the changes.
# sudo reboot
Conclusion
Make sure to update your Linux servers to stay protected from this privilege escalation bug.
3 Comments
India Hosting · February 24, 2017 at 8:48 AM
Appreciation to my father who stated to me on the topic of this website, this website is in fact awesome.
Virtono Upgrades – Oct 2016 (Poll Inside) – Virtono Community · October 25, 2016 at 1:00 PM
[…] P.S. Check How To Protect Your Server Against the Dirty COW Linux Vulnerability! […]
Virtono Upgrades - Oct 2016 (Poll Inside) - Virtono Community · June 21, 2023 at 10:03 AM
[…] P.S. Check How To Protect Your Server Against the Dirty COW Linux Vulnerability! […]