Have you patched your kernel against Dirty COW?


Status
Not open for further replies.

hemstar7

Beginner 2.0
Hello folks,
Have you heard the news about Dirty COW (CVE-2016-5195)? It's important for all of us to know about for the security of our servers..
The text of CVE-2016-5195 reads:
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

This bug is present in these distros:
  1. Red Hat Enterprise Linux 7.x
  2. Red Hat Enterprise Linux 6.x
  3. Red Hat Enterprise Linux 5.x
  4. CentOS Linux 7.x
  5. CentOS Linux 6.x
  6. CentOS Linux 5.x
  7. Debian Linux wheezy
  8. Debian Linux jessie
  9. Debian Linux stretch
  10. Debian Linux sid
  11. Ubuntu Linux precise (LTS 12.04)
  12. Ubuntu Linux trusty
  13. Ubuntu Linux xenial (LTS 16.04)
  14. Ubuntu Linux yakkety
  15. Ubuntu Linux vivid/ubuntu-core
  16. SUSE Linux Enterprise 11 and 12.
In short.. by exploiting the hole in the kernel, a (non-root) user can modify files owned by the root group and others.

So patch right away.. the instructions are at:
http://www.cyberciti.biz/faq/dirtyc...local-privilege-escalation-vulnerability-fix/

I tried it on my own computer and, well... it turns out my OS (Fedora) is vulnerable to this dirtyc0w too :p

That's really fatal, huh ):
 

hemstar7

Beginner 2.0
Just a note.. this bug has actually been around since 2005 :) so it could well be present in distros other than the ones listed above.
 

Bestariweb Hosting

Hosting Guru
The Warrior
Verified Provider
Code:
# bash rh-cve-2016-5195_1.sh
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
What should I do if the result looks like this?
 

PusatHosting

Hosting Guru
Code:
# bash rh-cve-2016-5195_1.sh
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
What should I do if the result looks like this?

yum update -y
 

Bestariweb Hosting

Hosting Guru
The Warrior
Verified Provider
Code:
# yum -y update
Loaded plugins: fastestmirror, tsflags, universal-hooks
EA4                                                      | 2.9 kB     00:00     
base                                                     | 3.6 kB     00:00     
extras                                                   | 3.4 kB     00:00     
updates                                                  | 3.4 kB     00:00     
Loading mirror speeds from cached hostfile
 * EA4: 185.69.232.245
 * base: mirror.imt-systems.com
 * extras: ftp.plusline.de
 * updates: mirror.rackspeed.de
No packages marked for update
Updating had no effect..
 

IIXPLANET

Expert 2.0
Is the OpenVZ kernel affected as well?
Because when I checked, the result was like this:

This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.

The node runs CentOS 6 with an OVZ kernel.
 