October 21, 2016

Posted in:


Dirty COW (CVE-2016-5195)

Recently, an exploit was discovered that could lead to privilege escalation on most Linux distributions including Red Hat, Ubuntu, and Debian. More information on the exploit and what it does can be found at https://dirtycow.ninja/

 

What is the issue?

Exploitation of the vulnerability could lead to privilege escalation on the affected system. The underlying issue is a race condition in the Linux kernel’s memory.

What OSes are affected?

Red Hat Enterprise versions: 5, 6, 7

Ubuntu versions: See here.

Debian versions: Wheezy, Jessie, Stretch

Am I affected?

If you browse the site mentioned in the first paragraph from a vulnerable OS, you will see the “Am I affected?” portion of the site change to “Yes”. Visiting this site from a browser on a non-affected OS (such as Windows), will result in “No”.

What is involved in patching?

If your OS vendor has released a patch, you should patch the kernel and reboot the system for the patch to take effect.

Is it actively being exploited and how can I tell if I have been hit by this?

There’s debate as to whether it is actively being exploited but given the press coverage of the exploit, it is likely only a matter of time until this is confirmed being actively exploited. At the current time, no traces are left if your server has been affected by this exploit.

Go back