DirtyCow (CVE-2016-5195)
I don't know how many of you heard about this, but it is really annoying.
More info on the topic:
Dirty COW (CVE-2016-5195)
For those who use CloudLinux kernelcare, there is no patch still.
From what I have tested already, it seems that CentOS 7 / CloudLinux 7 are mainly affected.
Bug 1384344 - CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage
-
CL Kernel developers are working on it to release updated kernels for CL5/6/7 soon. 0 -
KernelCare users should see Dirty Cow vulnerability: the fix is here! for updates 0 -
Thanks to the CloudLinux guys for this! 0 -
This really is one of those car crash events, isn't it. RHEL / CentOS again seem to be latest to the party with a patch, the bug thread implies at an uneducated glance that CentOS 6 users don't need to worry (which seems incorrect going on other posts to the thread and general chatter) and doesn't make clear if it's worth applying the mitigation on versions other than 7 to address the more recent POCs:
"The in the wild exploit we are aware of doesn't work on Red Hat Enterprise Linux 5 and 6 out of the box because on one side of the race it writes to /proc/self/mem, but /proc/self/mem is not writable on Red Hat Enterprise Linux 5 and 6."
and the cPanel announcement doesn't make reference to their own kernel and when they'll update it: cPanel Security Team: Dirty COW (CVE-2016-5195) | cPanel Newsroom
I just give up. 0 -
If I understand correctly, the systemtap mitigation will not protect against the subsequent POC exploit released 0 -
Actually, my CentOS 6 Kernelcare systems aren't showing any fix
    # cat /etc/redhat-release ; kcarectl --check ; kcarectl --patch-info | grep -i cve-2016-5195
    CentOS release 6.8 (Final)
    No update necessary
0 -
@sparek-3 Interesting - my check using the same code produced different results:
    # cat /etc/redhat-release ; kcarectl --check ; kcarectl --patch-info | grep -i cve-2016-5195
    CloudLinux Server release 6.8 (Oleg Makarov)
    No update necessary
    kpatch-cve: CVE-2016-5195
    kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
0 -
BRILLIANT! They released an update that --check doesn't recognize. If you run kcarectl --update it updates! This is absolutely brilliant! I mean, why depend on --check to see if there is an update when, that never really matters! BRILLIANT! 0 -
And for those of you looking for a CentOS/RHEL/cPanel kernel update you may want to just try yum update and never ever use yum check-update because seriously! Why should you ever just check for updates? Why spend time prepping for an update when you can just update! Who cares if it breaks a system or does something you didn't anticipate! Lesson learned today... checking for updates is totally useless! 0 -
Anybody with kcare fix for CloudLinux / Centos 5 ? 0 -
CloudLinux 5 kernel released to beta 0 -
Just to summarize the current state of things: CloudLinux have released the dirty cow fix in their mainstream kernels for CL 6 and CL 7. There is a kernel update for CL5 also, but it is in the testing repo. If you are using KernelCare (the rebootless kernel patching tool by CloudLinux), you must already have the patches for all of CL 5, 6, 7. You can check this by issuing:
    root@server [~]# kcarectl --patch-info | grep 2016-5195 -A 6
    kpatch-name: 2.6.18/CVE-2016-5195.patch
    kpatch-description: CVE-2016-5195 fix
    kpatch-kernel: kernel-2.6.18-412.el5
    kpatch-cve: CVE-2016-5195
    kpatch-cvss: 6.9
    kpatch-cve-url: CVE-2016-5195 - Red Hat Customer Portal
    kpatch-patch-url:
0 -
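An added example, not part of the thread: both `kcarectl --check` outputs posted above say "No update necessary", and only the `--patch-info` record shows whether the fix is actually listed. This script matches the `kpatch-cve` field exactly instead of grepping for a substring; the function names, the sample records and the rule that a record starts at each `kpatch-name:` line are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): field-aware check of KernelCare patch
# info for one CVE. Assumption: each record starts at a "kpatch-name:" line.

# cve_patch_records CVE  (patch-info text on stdin)
# Prints "kpatch-name|kpatch-kernel" for each record whose kpatch-cve field
# lists exactly CVE (case-insensitive); kpatch-cve-url lines are not consulted.
cve_patch_records() {
    awk -v want="$1" '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function emit() { if (hit) print name "|" kernel; name = kernel = ""; hit = 0 }
        BEGIN { want = toupper(want) }
        /^kpatch-name:/   { emit(); name = val($0) }
        /^kpatch-kernel:/ { kernel = val($0) }
        /^kpatch-cve:/    {
            n = split(toupper(val($0)), ids, /[ ,]+/)
            for (i = 1; i <= n; i++) if (ids[i] == want) hit = 1
        }
        END { emit() }
    '
}

# covers_cve CVE: exit 0 and list the matching patches, exit 1 if none.
covers_cve() {
    matches=$(cve_patch_records "$1")
    [ -n "$matches" ] || return 1
    printf '%s\n' "$matches"
}

# Constructed sample: the CL5 record posted in the thread.
PATCHED_SAMPLE='kpatch-name: 2.6.18/CVE-2016-5195.patch
kpatch-description: CVE-2016-5195 fix
kpatch-kernel: kernel-2.6.18-412.el5
kpatch-cve: CVE-2016-5195
kpatch-cvss: 6.9'

# Constructed sample without the fix (CVE-0000-0000 is a placeholder id); the
# description mentions the CVE, so a plain substring grep would match it.
UNPATCHED_SAMPLE='kpatch-name: placeholder/other.patch
kpatch-description: unrelated fix, see also CVE-2016-5195
kpatch-kernel: kernel-placeholder
kpatch-cve: CVE-0000-0000'

for s in "$PATCHED_SAMPLE" "$UNPATCHED_SAMPLE"; do
    printf '%s\n' "$s" | covers_cve CVE-2016-5195 \
        || echo "CVE-2016-5195 fix not listed in patch info"
done
# On a live host: kcarectl --patch-info | covers_cve CVE-2016-5195
```

The non-zero exit status makes the check usable from monitoring or configuration management, where a missing record should raise an alert rather than scroll past.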
Will this affect the server which does not have public SSH access? Thank you for any advice. 0 -
Yes, if there is, for example, a vulnerability in a web app such as WordPress that would allow remote code execution, or if any of the accounts on your system have been breached such that an exploit could be uploaded and then executed. 0 -
In fact, if you have any publicly accessible service (Web, FTP, or whatever it is), if someone tries and successfully exploits your service (in order to make it execute code with this service's username), this could be used as an indirect vector to execute the privilege escalation exploit. It is a really bad thing. 0 -
Folks I don't profess to know what any of this means other than I should update or patch. Would Yum Update fix this in CentOS 6.8 Final, or do I need to run specific patches ? 0 -
Hello,
Allow me to address some of the questions and comments that have not yet received a response.
"and the cPanel announcement doesn't make reference to their own kernel and when they'll update it cPanel Security Team: Dirty COW (CVE-2016-5195) | cPanel Newsroom"
Regarding the cPanel hardened kernel, there's an internal case open to build and publish an update once CentOS publishes a new kernel (the cPanel hardened kernel patches the CentOS 6 kernel for symlink race condition protection).
"They released an update that --check doesn't recognize. If you run kcarectl --update it updates! This is absolutely brilliant! I mean, why depend on --check to see if there is an update when, that never really matters!"
I encourage you to share your thoughts regarding KernelCare with the CloudLinux Support Team, or on their forums at: CloudLinux Forum
"I don't profess to know what any of this means other than I should update or patch. Would Yum Update fix this in CentOS 6.8 Final, or do I need to run specific patches ?"
You can run "yum update" to update your system kernel once CentOS releases an updated kernel that addresses the issue. Note that you must reboot the system after updating the kernel. Or, if you are interested in a third-party application, consider using KernelCare from CloudLinux: CloudLinux - Main | New template
Thank you. 0 -
In short, we are still waiting for RedHat/Centos to release patched kernel :) 0 -
CentOS 7 and RHEL 7 have published an updated kernel. We'll update the following news article again once CentOS 6 kernels are published, and once the cPKernel update is available: cPanel Security Team: Dirty COW (CVE-2016-5195) *UPDATED* | cPanel Newsroom Thank you. 0 -
Thanks for this update @cPanelMichael ! Well done to RedHat, waiting for RHEL 5/6 update releases. 0 -
Thanks. I've installed kernelcare to take care of it. :)
"Yes, if there is for example a vulnerability in a web app such as Wordpress that would allow remote code execution or if any of the accounts on your system have been breached such that an exploit could be uploaded and then executed"
0 -
Can anyone tell me how screwed I am if I'm using an OpenVZ/Virtuozzo CentOS 6.8 VPS? I presume I can't update the kernel? 0 -
There is still no patch for CentOS :( 0 -
"Regarding the cPanel hardened kernel, there's an internal case open to build and publish an update once CentOS publishes a new kernel (the cPanel hardened kernel patches the CentOS 6 kernel for symlink race condition protection)."
Apologies if I came over rude over that, it just seemed odd to me (and still does) that the cPanel kernel is not mentioned in the security team announcement. I can just imagine the type of user who would say "stop bugging me about this, it doesn't apply to me, because it's HARDENED". The news post does nothing to dissuade them from making this error and not taking action.
The CentOS 6 kernel update should now be available: Red Hat Customer Portal 0 -
Try yum clean all and then yum check-update (and yum update to actually perform the update, don't forget you'll have to reboot for the new kernel to take effect). 0 -
What about cPKernel? 0 -
Updated kernels from all vendors, including cPanel, are now published. The news article is now updated to reflect this information: cPanel Security Team: Dirty COW (CVE-2016-5195) *UPDATED* | cPanel Newsroom Thanks! 0