How To Patch and Protect – Vulnerability Dirty Cow

very serious security problem has been found in the Linux kernel. A 0-day local privilege escalation vulnerability has existed for eleven years since 2005. This bug affects all sort of of Android or Linux kernel to escalate privileges. Any user can become root in less than 5 seconds. The bug has existed since Linux kernel version 2.6.22+. How do I fix this problem?

This bug is named as Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. So you can not detect if someone has exploited this against your server.

If you are running CloudLinux follow these step to fix this issue:

Dirty Cow patch for CloudLinux 

  • CloudLinux 7:
    • To update:

      yum clean all; yum install kernel-3.10.0-427.10.1.lve1.4.22.el7 kmod-lve-1.4-22.el7 –enablerepo=cloudlinux-updates-testingand reboot the server

 

  • CloudLinux 6:
    • yum clean all; yum install kernel-2.6.32-673.26.1.lve1.4.18.el6 kmod-lve-1.4-18.el6 –enablerepo=cloudlinux-updates-testingand reboot the server

 

  • CloudLinux 5: Coming Soon

 

How do I fix CVE-2016-5195 on Linux?

Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version:

uname -a
uname -mrs

 

Debian or Ubuntu Linux

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

then reboot the machine:

sudo reboot

RHEL / CentOS Linux 5.x/6.x/7.x

yum update
reboot

RHEL / CentOS Linux 4.x

up2date -u
reboot

Suse Enterprise Linux or Opensuse Linux

To apply all needed patches to the system type:
zypper patch
reboot

Verification

You need to make sure your version number has changed:
uname -a
uname -r
uname -mrs

If you are running an Android phone, you will need to wait your phone distributor or operators to release a patch, so simply update your phone when requested.

What is the CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Why is it called the Dirty COW bug?

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

What makes the Dirty COW bug unique?

In fact, all the boring normal bugs are _way_ more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more “special” than a random spectacular crash due to bad locking.

—————————————————-

Your business need a managed host to take care of these issue as soon they arise, choose UnderHost and subscribe to our Managed Cloud Hosting  or our optimized shared hosting today.