DIRTY COW LINUX VULNERABILITY Print

  • 2

Dear Customers,

Recently a very serious vulnerability in the Linux kernel was reported. It is called Dirty COW because it affects the ‘copy-on-write’ (COW) mechanism. Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability. It allows attackers to gain root access to servers and take control over the whole system.

Our technical team took the necessary precautions and patched our shared servers from this vulnerability. So, all our SHARED, BUSINESS and RESELLER servers are running on NON-vulnerable kernel now.

For managed and fully-managed VPS and dedicated servers the issue will be resolved by our technicians after a confirmation from owner (we will be reaching these customers proactively) because this fix suggests server reboot.

As for users located on unmanaged VPS/Dedicated servers please use the following instruction to fix this vulnerability.

How to check Vulnerability:

CentOS/RHEL servers:
1) Login to the server as root or privileged user via SSH:

ssh root@YOUR.SERVER.IP -pYOUR_SSH_PORT

2) Run the following command to download official RHEL vulnerability check script:

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

3) Once the script is downloaded run it with the following command:

bash rh-cve-2016-5195_1.sh

If your server is vulnerable the output should be will be as follows:

Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 

—————————
Debian/Ubuntu:
1) Login to the server as root or privileged user via SSH:

ssh root@YOUR.SERVER.IP -pYOUR_SSH_PORT

2) Run the following command:

uname -rv

The output should looks like this:

4.8.0-26-generic #28-Ubuntu SMP Tue Oct 18 23:11:45 UTC 2016

If your version is earlier than the following, you are affected:

  • 4.8.0-26.28 for Ubuntu 16.10
  • 4.4.0-45.66 for Ubuntu 16.04 LTS
  • 3.13.0-100.147 for Ubuntu 14.04 LTS
  • 3.2.0-113.155 for Ubuntu 12.04 LTS
  • 3.16.36-1+deb8u2 for Debian 8
  • 3.2.82-1 for Debian 7
  • 4.7.8-1 for Debian unstable
    ————————————————————————————–

How to fix Vulnerability:

CentOS/RHEL servers:
1) Login to the server as root or privileged user via SSH:

ssh root@YOUR.SERVER.IP -pYOUR_SSH_PORT

2) Run the following command:

sudo yum update kernel

3)In order to apply changes please reboot your server

sudo reboot

Debian/Ubuntu:
1) Login to the server as root or privileged user via SSH:

ssh root@YOUR.SERVER.IP -pYOUR_SSH_PORT

2) Run the following command:

sudo apt-get update && sudo apt-get dist-upgrade

3)In order to apply changes please reboot your server

sudo reboot

 

Should you have any questions, please feel free to contact our Support Team.

Kind regards,
Elakhost Support Team


Was this answer helpful?

« Back