Dirty COW Linux Vulnerability CVE-2016-5195

On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The vulnerability is nicknamed Dirty COW because the issue involves copy-on-write (COW). Dirty COW has existed for a long time, at least since 2007, and the majority of servers are at risk now!

Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system.

Most Ubuntu and CentOS versions have released a patch for this vulnerability.

However, most operating systems are configured not to receive automatic updates. Therefore, you need to update your OS as soon as possible.

Below is the guide published by Hazel Virdó on DigitalOcean.

How to update Ubuntu/CentOS

To find out if your server is affected, check your kernel version.

uname -rv

You’ll see output like this:

4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is earlier than the following, you are affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable
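The comparison above can be scripted. This is an added example, not part of the original guide: it covers Ubuntu kernels only and assumes the usual Ubuntu convention that `uname -r` gives the ABI (`4.4.0-42`) and `uname -v` the upload number (`#62`), which together form the package version `4.4.0-42.62`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): Ubuntu kernels only.

# "4.4.0-42-generic" + "#62-Ubuntu SMP ..." -> package version 4.4.0-42.62
pkg_version() {
    abi=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p')
    upload=$(printf '%s\n' "$2" | sed -n 's/^#\([0-9][0-9]*\).*Ubuntu.*/\1/p')
    [ -n "$abi" ] && [ -n "$upload" ] || return 1
    printf '%s.%s\n' "$abi" "$upload"
}

# Fixed versions from the list above, keyed by kernel series (assumption:
# the stock kernel of each release; other kernel flavours are not covered).
fixed_for() {
    case $1 in
        4.8.0-*)  echo 4.8.0-26.28 ;;
        4.4.0-*)  echo 4.4.0-45.66 ;;
        3.13.0-*) echo 3.13.0-100.147 ;;
        3.2.0-*)  echo 3.2.0-113.155 ;;
        *) return 1 ;;
    esac
}

# version_lt A B: status 0 if A is older than B, 1 if not, 2 on bad input.
# Fields (a.b.c-d.e) are compared as integers, so 98 sorts before 100.
version_lt() {
    old_ifs=$IFS; IFS='.-'; set -- $1 $2; IFS=$old_ifs
    [ $# -eq 10 ] || return 2
    for i in 1 2 3 4 5; do
        [ "$1" -lt "$6" ] && return 0
        [ "$1" -gt "$6" ] && return 1
        shift
    done
    return 1
}

# Prints vulnerable, patched, or unknown (not an Ubuntu kernel in the list).
kernel_status() {
    running=$(pkg_version "$1" "$2") || { echo unknown; return 0; }
    fixed=$(fixed_for "$running") || { echo unknown; return 0; }
    if version_lt "$running" "$fixed"; then echo vulnerable
    elif [ $? -eq 1 ]; then echo patched
    else echo unknown; fi
}

# Constructed call using the sample output shown earlier; on a live host run:
#   kernel_status "$(uname -r)" "$(uname -v)"
kernel_status "4.4.0-42-generic" "#62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016"
```

An `unknown` result means the kernel string did not match an Ubuntu series in the list, so check it by hand against the Debian entries or with the CentOS script below.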

CentOS

Some versions of CentOS can use this script provided by Red Hat for RHEL to test your server’s vulnerability. To try it, first download the script.

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable. Red Hat recommends that you update your kernel. Alternatively, you can apply partial mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Fixing the issue in Ubuntu

Update and upgrade your packages using apt-get.

sudo apt-get update && sudo apt-get dist-upgrade

Finally, you’ll need to reboot your server to apply the changes.

sudo reboot

CentOS

Right now, there is no fix for CentOS 5 and 6. In the interim, you can use this workaround from the Red Hat bug tracker.

To update your kernel on CentOS 7, run:

sudo yum update

Then, reboot your server.

sudo reboot

Serverpilot

If you are using Serverpilot, log in to your server over SSH and restart it, as the patches are automatically applied by the Serverpilot team.

DigitalOcean

If you are running on DigitalOcean and your droplet was created before 19th October 2016, you need to follow the instructions above and update your server as soon as possible.

Shared Hosting

If you are running your website on shared hosting, write to your hosting company to confirm whether they have updated the server.
