
Sunday, October 23, 2016

Protect Your Server Against the Dirty COW Linux Vulnerability


The operating system that lies at the core of most servers on the internet and most smartphones has a critical vulnerability which has existed, unnoticed, for nine years.

Called “Dirty COW” (because it exploits a mechanism called copy-on-write), the bug allows an attacker to escalate privileges on a Linux system.

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel that can allow a local user (like a web hosting account) to gain root access to the server. This can also be a huge problem if your Magento store is compromised and the attacker has the ability to upload files to your server or hosting account.

The vulnerability is present in all major Linux operating systems, and security researchers have detected in-the-wild (ITW) attacks even before security patches were released by the various operating systems.

Check Vulnerability

Ubuntu/Debian

To find out if your server is affected, check your kernel version.
$ uname -rv
You'll see output like this:
Output
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
If your version is earlier than the following, you are affected:
  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable
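
The uname output does not show the package version directly: on Ubuntu, "4.4.0-42-generic #62-Ubuntu" corresponds to package version 4.4.0-42.62, which is what the list above is compared against. The following script is an added example (not part of the original post and not a vendor tool) that automates that comparison for the Ubuntu releases listed; the function names are hypothetical, and it assumes GNU sort -V is available.

```shell
#!/bin/sh
# Added example. Fixed versions are the Ubuntu entries from the list above.
fixed_version_for() {
    case "$1" in
        16.10) echo "4.8.0-26.28" ;;
        16.04) echo "4.4.0-45.66" ;;
        14.04) echo "3.13.0-100.147" ;;
        12.04) echo "3.2.0-113.155" ;;
        *) return 1 ;;
    esac
}

# Assumption: Ubuntu package version = "<version>-<ABI>" from `uname -r`
# plus ".<upload>" from the "#NN" at the start of `uname -v`,
# e.g. "4.4.0-42-generic" + "#62-Ubuntu ..." -> "4.4.0-42.62".
kernel_pkg_version() {
    base=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p')
    upload=$(printf '%s\n' "$2" | sed -n 's/^#\([0-9][0-9]*\).*/\1/p')
    [ -n "$base" ] && [ -n "$upload" ] || return 1
    echo "$base.$upload"
}

# Succeeds when $1 is strictly older than $2 (uses GNU `sort -V`).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Args: Ubuntu release, `uname -r` output, `uname -v` output.
# Prints vulnerable, patched, or unknown (unlisted release / unparsable input).
check_dirty_cow() {
    fixed=$(fixed_version_for "$1") || { echo "unknown"; return 2; }
    running=$(kernel_pkg_version "$2" "$3") || { echo "unknown"; return 2; }
    if version_lt "$running" "$fixed"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Sample input: the uname output shown in this post, on Ubuntu 16.04.
check_dirty_cow 16.04 "4.4.0-42-generic" "#62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016"
# On a live host:
# check_dirty_cow "$(lsb_release -rs)" "$(uname -r)" "$(uname -v)"
```

A result of "patched" only reflects the running kernel; a host that has installed the update but not rebooted will still report "vulnerable".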

CentOS

On some versions of CentOS, you can use this script provided by Red Hat for RHEL to test whether your server is vulnerable. To try it, first download the script.
$ wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Then run it with bash.
$ bash rh-cve-2016-5195_1.sh
If you're vulnerable, you'll see output like this:
Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Fix Vulnerability

Fortunately, applying the fix is straightforward: update your system and reboot your server.

Ubuntu/Debian

Update and upgrade your packages using apt-get.
$ sudo apt-get update && sudo apt-get dist-upgrade
Note: On older versions of Ubuntu, like 14.04, you'll also need to select the DigitalOcean GrubLoader kernel. To do this, go to the control panel and click on the server you want to update. Then, click Kernel in the menu on the left and choose the GrubLoader kernel.
Finally, you'll need to reboot your server to apply the changes.
$ sudo reboot

CentOS

Right now, we're still waiting on a fix for CentOS 5 and 6. In the interim, you can use this workaround from the Red Hat bug tracker.

To update your kernel on CentOS 7, run:
$ sudo yum update
Then, reboot your server.
$ sudo reboot
