Dirty Cow vulnerability in Linux

A few of you must have seen a warning in your Magento dashboard this morning that read – Dirty COW Linux OS Vulnerability – 10/25/2016

We have already been aware of this since the past few days and have been working across the CentOS 7 servers in our fleet.

This vulnerability was first discovered almost a decade ago and has been present in Linux kernel versions from 2.6.22, which was released in 2007. Quite recently, this vulnerability gained attention when hackers started exploiting it, which led to the release of the bug CVE-2016-5195 last week.

What is this Dirty Cow vulnerability (CVE-2016-5195)?

CVE-2016-5195 aka “Dirty COW vulnerability” is a privilege escalation exploit which impacts the way memory operations are normally handled. It is the copy-on-write (COW) mechanism in Linux kernel for managing ‘dirty’ memory pages, that’s affected by this vulnerability, which is why the name ‘Dirty COW’. It might sound silly, but it indeed is serious.

Misusing this flaw in the server’s kernel, an unprivileged local user can escalate their privileges in the system in order to gain write access on read-only memory updates. Using this privilege escalation, local users can write to any file that they can read. Any malicious application or user can thus tamper with critical read-only root-owned files.

What we are doing about this.

All our servers are CentOS servers, and the patches had so far been released only for the CentOS 7 versions. We have been working through our CentOS 7 servers, updating the kernels and rebooting the servers. We haven’t been able to notify customers as there are quite a lot of servers that we’re working on. Please bear with us for any downtime during the process, as we are just securing your hosting environment for you.

CentOS has released a patch for the 6 version as well, which they are releasing on their mirrors at this time. Once we have this in place, we’ll be applying this across all our CentOS 6 servers too, which would ensure that the servers are safe and secure.

Comments are currently closed.