Sudahkah anda Patch Kernel dari Dirty COW?

[hemstar7]

hallo om/tante,
udah tau berita tentang Dirty COW (CVE-2016-5195)? penting nih bagi keamanan server kita-kita untuk di ketahui..
bunyi dari CVE-2016-5195 adalah:
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

bug ini terdapat pada distro:

1. Red Hat Enterprise Linux 7.x
2. Red Hat Enterprise Linux 6.x
3. Red Hat Enterprise Linux 5.x
4. CentOS Linux 7.x
5. CentOS Linux 6.x
6. CentOS Linux 5.x
7. Debian Linux wheezy
8. Debian Linux jessie
9. Debian Linux stretch
10. Debian Linux sid
11. Ubuntu Linux precise (LTS 12.04)
12. Ubuntu Linux trusty
13. Ubuntu Linux xenial (LTS 16.04)
14. Ubuntu Linux yakkety
15. Ubuntu Linux vivid/ubuntu-core
16. SUSE Linux Enterprise 11 and 12.

Inti nya.. dengan memanfaatkan celah di kernel maka user (non root) bisa memodifikasi file group root dan lainnya.

maka dari itu segera patch.. caranya ada di:
http://www.cyberciti.biz/faq/dirtyc...local-privilege-escalation-vulnerability-fix/

saya udah coba di komputer sendiri eh... ternyata OS saya (Fedora) vuln sama nih dirtyc0w

fatal sekali yaa ):

 

[pluto01]

Ayo2 laksanakan

 

[hemstar7]

Catatan aja.. bug ini udah ada sejak tahun 2005 loh jadi bisa aja bug ini ada di distro selain yang disebutin diatas.

 

[junior riau]

root@zeus [~]# bash rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-673.26.1.lve1.4.17.el6.x86_64 which is NOT vulnerable.
root@zeus [~]#

asik asisk

 

[Bestariweb Hosting]

# bash rh-cve-2016-5195_1.sh
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

kalo hasilnya spt ini gmn ya?

 

[PusatHosting]

# bash rh-cve-2016-5195_1.sh
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

kalo hasilnya spt ini gmn ya?

yum update -y

 

[Bestariweb Hosting]

# yum -y update
Loaded plugins: fastestmirror, tsflags, universal-hooks
EA4                                                      | 2.9 kB     00:00     
base                                                     | 3.6 kB     00:00     
extras                                                   | 3.4 kB     00:00     
updates                                                  | 3.4 kB     00:00     
Loading mirror speeds from cached hostfile
 * EA4: 185.69.232.245
 * base: mirror.imt-systems.com
 * extras: ftp.plusline.de
 * updates: mirror.rackspeed.de
No packages marked for update

di Update gak ngaruh euy..

 

[PusatHosting]

Ternyata belum rilis patch nya.
Dan katanya sementara bisa dengan ini https://bobcares.com/blog/dirty-cow-vulnerability/

 

[PusatHosting]

Kalau pakai cloudlinux sudah begini :

[root@hzb ~]# bash rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-673.26.1.lve1.4.15.el6.x86_64 which is NOT vulnerable.

 

[IIXPLANET]

untuk openvz kernel apa kena dampak juga kah ?
soalnya saya cek hasilnya seperti ini

This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.

untuk nodenya make centos 6 dengan kernel ovz