How To Protect Your Server Against the Dirty COW Linux Vulnerability

Please follow and like us:

On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time — at least since 2007, with kernel version 2.6.22 — so the vast majority of servers are at risk.

Check Vulnerability

Ubuntu/Debian

To find out if your server is affected, check your kernel version.

You’ll see output like this:

If your version is earlier than the following, you are affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

Then run it with bash.

bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

Fix Vulnerability

Fortunately, applying the fix is straightforward: update your system and reboot your server.

On Ubuntu and Debian, upgrade your packages using apt-get.

 

You can update all of your packages on CentOS 6 and 7 with sudo yum update, but if you only want to update the kernel to address this bug, run:

Right now, we’re still waiting on a fix for CentOS 5. In the interim, you can use this workaround from the Red Hat bug tracker.

On older Droplets with external kernel management, you’ll also need to select the DigitalOcean GrubLoader kernel. To do this, go to the control panel, click on the server you want to update. Then, click Kernel in the menu on the left and choose the GrubLoader kernel. You can learn more about updating your Droplet’s kernel in this kernel management tutorial. Newer Droplets with internal kernel management can skip this step.

Finally, on all distributions, you’ll need to reboot your server to apply the changes.

 

Conclusion

Make sure to update your Linux servers to stay protected from this privilege escalation bug.

 

 

 

Reference : https://www.digitalocean.com/community/

Enjoy this blog? Please spread the word :)