A very serious security problem has been found in the Linux kernel. A 0-day local privilege escalation vulnerability has existed for eleven years since 2005. This bug affects all sorts of Android and Linux kernels and lets a local user escalate privileges. Any user can become root in less than 5 seconds. The bug has existed since Linux kernel version 2.6.22+. How do I fix this problem?
This bug, named Dirty COW (CVE-2016-5195), is a privilege escalation vulnerability in the Linux kernel. Exploitation of this bug does not leave any trace of anything abnormal in the logs, so you cannot detect whether someone has exploited it against your server.
If you are running CloudLinux, follow these steps to fix this issue:
Dirty COW patch for CloudLinux
- CloudLinux 7: to update, run
yum clean all; yum install kernel-3.10.0-427.10.1.lve1.4.22.el7 kmod-lve-1.4-22.el7 --enablerepo=cloudlinux-updates-testing
and reboot the server.
- CloudLinux 6: to update, run
yum clean all; yum install kernel-2.6.32-673.26.1.lve1.4.18.el6 kmod-lve-1.4-18.el6 --enablerepo=cloudlinux-updates-testing
and reboot the server.
- CloudLinux 5: Coming Soon
How do I fix CVE-2016-5195 on Linux?
Type the commands for your Linux distro. You need to reboot the box afterwards, because the patched kernel is only loaded at boot. Before you apply the patch, note down your current kernel version:
uname -a
uname -mrs
Debian or Ubuntu Linux
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
then reboot the machine:
sudo reboot
RHEL / CentOS Linux 5.x/6.x/7.x
yum update
reboot
RHEL / CentOS Linux 4.x
up2date -u
reboot
Suse Enterprise Linux or Opensuse Linux
To apply all needed patches to the system type:
zypper patch
reboot
Verification
You need to make sure your version number has changed:
uname -a
uname -r
uname -mrs
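The before/after comparison above can be scripted so that a missed reboot or a still-old kernel is reported explicitly. This is an added example, not part of the original page: the function names are hypothetical, and the numeric field comparison is a simplification of real package version ordering that is only meaningful within one vendor's kernel series.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# release_at_least A B: succeed when kernel release A >= B, comparing the
# numeric fields left to right (e.g. 3 10 0 427 10 1 ...). Simplification of
# RPM/dpkg ordering; only meaningful within one vendor's kernel series.
release_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_kernel RUNNING BEFORE FIXED
#   RUNNING: output of `uname -r` now
#   BEFORE:  release noted down before patching
#   FIXED:   fixed release named by your vendor
# Returns 0 = patched kernel is running, 1 = kernel unchanged, 2 = too old.
check_kernel() {
    running=$1
    before=$2
    fixed=$3
    if [ "$running" = "$before" ]; then
        echo "UNCHANGED: still running $running (no update or no reboot yet)"
        return 1
    fi
    if ! release_at_least "$running" "$fixed"; then
        echo "TOO OLD: running $running, fixed release is $fixed"
        return 2
    fi
    echo "OK: running $running (was $before)"
    return 0
}

# Usage after the reboot:
#   sh check_kernel.sh <release-before> <vendor-fixed-release>
if [ "$#" -eq 2 ]; then
    check_kernel "$(uname -r)" "$1" "$2"
fi
```

On CloudLinux 7 the fixed release to pass is the one from the yum command above, 3.10.0-427.10.1.lve1.4.22.el7; for other distros take it from the vendor's advisory.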
If you are running an Android phone, you will need to wait for your phone distributor or operator to release a patch, so simply update your phone when requested.
What is the CVE-2016-5195?
CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.
Why is it called the Dirty COW bug?
“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
What makes the Dirty COW bug unique?
In fact, all the boring normal bugs are _way_ more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more “special” than a random spectacular crash due to bad locking.