Recently World of Linux come across yet another bug which is haunting the nix users all over the world. This bug has given a name COW and its associated CVE number is CVE-2016-5195.
Its kind of funny how this bug get their names, this too grab my attention when i first heard about it as COW ! i laughed out like what ? :)
support@linuxforeveryone.com
Its kind of funny how this bug get their names, this too grab my attention when i first heard about it as COW ! i laughed out like what ? :)
support@linuxforeveryone.com
Background :
later when I started reading about this bug in details got to know how this bug got his name, which nothing but a "copy-on-write" technique which Linux kernel uses to maintain the private read -only memory mapping and this technique have some flaws in it since 2007 woohooo that was way long back.
In other words if i have to say is this bugs allow a server to become completely compromised through local privilege escalation. This vulnerability is specific to the Linux Kernel, and exploiting this vulnerability does require a local system user (compromised or not) to run malicious code to obtain admin privileges. Despite this requirement, this is a high priority security patch that should be patched as soon as possible due to its severity.
How to Check if your System is vulnerable:
Run the below script to check whether you system are affected by this bug or not.
copy and paste below content in file say bug-checker.sh and give it executable permission
#!/bin/bash
# Version: 1.3
RED="\033[1;31m"
YELLOW="\033[1;33m"
GREEN="\033[1;32m"
BOLD="\033[1m"
RESET="\033[0m"
SAFE_KERNEL="SAFE_KERNEL"
SAFE_KPATCH="SAFE_KPATCH"
MITIGATED="MITIGATED"
VULNERABLE="VULNERABLE"
MITIGATION_ON='CVE-2016-5195 mitigation loaded'
MITIGATION_OFF='CVE-2016-5195 mitigation unloaded'
VULNERABLE_VERSIONS=(
# RHEL5
"2.6.18-8.1.1.el5"
"2.6.18-8.1.3.el5"
"2.6.18-8.1.4.el5"
"2.6.18-8.1.6.el5"
"2.6.18-8.1.8.el5"
"2.6.18-8.1.10.el5"
"2.6.18-8.1.14.el5"
"2.6.18-8.1.15.el5"
"2.6.18-53.el5"
"2.6.18-53.1.4.el5"
"2.6.18-53.1.6.el5"
"2.6.18-53.1.13.el5"
"2.6.18-53.1.14.el5"
"2.6.18-53.1.19.el5"
"2.6.18-53.1.21.el5"
"2.6.18-92.el5"
"2.6.18-92.1.1.el5"
"2.6.18-92.1.6.el5"
"2.6.18-92.1.10.el5"
"2.6.18-92.1.13.el5"
"2.6.18-92.1.18.el5"
"2.6.18-92.1.22.el5"
"2.6.18-92.1.24.el5"
"2.6.18-92.1.26.el5"
"2.6.18-92.1.27.el5"
"2.6.18-92.1.28.el5"
"2.6.18-92.1.29.el5"
"2.6.18-92.1.32.el5"
"2.6.18-92.1.35.el5"
"2.6.18-92.1.38.el5"
"2.6.18-128.el5"
"2.6.18-128.1.1.el5"
"2.6.18-128.1.6.el5"
"2.6.18-128.1.10.el5"
"2.6.18-128.1.14.el5"
"2.6.18-128.1.16.el5"
"2.6.18-128.2.1.el5"
"2.6.18-128.4.1.el5"
"2.6.18-128.4.1.el5"
"2.6.18-128.7.1.el5"
"2.6.18-128.8.1.el5"
"2.6.18-128.11.1.el5"
"2.6.18-128.12.1.el5"
"2.6.18-128.14.1.el5"
"2.6.18-128.16.1.el5"
"2.6.18-128.17.1.el5"
"2.6.18-128.18.1.el5"
"2.6.18-128.23.1.el5"
"2.6.18-128.23.2.el5"
"2.6.18-128.25.1.el5"
"2.6.18-128.26.1.el5"
"2.6.18-128.27.1.el5"
"2.6.18-128.29.1.el5"
"2.6.18-128.30.1.el5"
"2.6.18-128.31.1.el5"
"2.6.18-128.32.1.el5"
"2.6.18-128.35.1.el5"
"2.6.18-128.36.1.el5"
"2.6.18-128.37.1.el5"
"2.6.18-128.38.1.el5"
"2.6.18-128.39.1.el5"
"2.6.18-128.40.1.el5"
"2.6.18-128.41.1.el5"
"2.6.18-164.el5"
"2.6.18-164.2.1.el5"
"2.6.18-164.6.1.el5"
"2.6.18-164.9.1.el5"
"2.6.18-164.10.1.el5"
"2.6.18-164.11.1.el5"
"2.6.18-164.15.1.el5"
"2.6.18-164.17.1.el5"
"2.6.18-164.19.1.el5"
"2.6.18-164.21.1.el5"
"2.6.18-164.25.1.el5"
"2.6.18-164.25.2.el5"
"2.6.18-164.28.1.el5"
"2.6.18-164.30.1.el5"
"2.6.18-164.32.1.el5"
"2.6.18-164.34.1.el5"
"2.6.18-164.36.1.el5"
"2.6.18-164.37.1.el5"
"2.6.18-164.38.1.el5"
"2.6.18-194.el5"
"2.6.18-194.3.1.el5"
"2.6.18-194.8.1.el5"
"2.6.18-194.11.1.el5"
"2.6.18-194.11.3.el5"
"2.6.18-194.11.4.el5"
"2.6.18-194.17.1.el5"
"2.6.18-194.17.4.el5"
"2.6.18-194.26.1.el5"
"2.6.18-194.32.1.el5"
"2.6.18-238.el5"
"2.6.18-238.1.1.el5"
"2.6.18-238.5.1.el5"
"2.6.18-238.9.1.el5"
"2.6.18-238.12.1.el5"
"2.6.18-238.19.1.el5"
"2.6.18-238.21.1.el5"
"2.6.18-238.27.1.el5"
"2.6.18-238.28.1.el5"
"2.6.18-238.31.1.el5"
"2.6.18-238.33.1.el5"
"2.6.18-238.35.1.el5"
"2.6.18-238.37.1.el5"
"2.6.18-238.39.1.el5"
"2.6.18-238.40.1.el5"
"2.6.18-238.44.1.el5"
"2.6.18-238.45.1.el5"
"2.6.18-238.47.1.el5"
"2.6.18-238.48.1.el5"
"2.6.18-238.49.1.el5"
"2.6.18-238.50.1.el5"
"2.6.18-238.51.1.el5"
"2.6.18-238.52.1.el5"
"2.6.18-238.53.1.el5"
"2.6.18-238.54.1.el5"
"2.6.18-238.55.1.el5"
"2.6.18-238.56.1.el5"
"2.6.18-274.el5"
"2.6.18-274.3.1.el5"
"2.6.18-274.7.1.el5"
"2.6.18-274.12.1.el5"
"2.6.18-274.17.1.el5"
"2.6.18-274.18.1.el5"
"2.6.18-308.el5"
"2.6.18-308.1.1.el5"
"2.6.18-308.4.1.el5"
"2.6.18-308.8.1.el5"
"2.6.18-308.8.2.el5"
"2.6.18-308.11.1.el5"
"2.6.18-308.13.1.el5"
"2.6.18-308.16.1.el5"
"2.6.18-308.20.1.el5"
"2.6.18-308.24.1.el5"
"2.6.18-348.el5"
"2.6.18-348.1.1.el5"
"2.6.18-348.2.1.el5"
"2.6.18-348.3.1.el5"
"2.6.18-348.4.1.el5"
"2.6.18-348.6.1.el5"
"2.6.18-348.12.1.el5"
"2.6.18-348.16.1.el5"
"2.6.18-348.18.1.el5"
"2.6.18-348.19.1.el5"
"2.6.18-348.21.1.el5"
"2.6.18-348.22.1.el5"
"2.6.18-348.23.1.el5"
"2.6.18-348.25.1.el5"
"2.6.18-348.27.1.el5"
"2.6.18-348.28.1.el5"
"2.6.18-348.29.1.el5"
"2.6.18-348.30.1.el5"
"2.6.18-348.31.2.el5"
"2.6.18-371.el5"
"2.6.18-371.1.2.el5"
"2.6.18-371.3.1.el5"
"2.6.18-371.4.1.el5"
"2.6.18-371.6.1.el5"
"2.6.18-371.8.1.el5"
"2.6.18-371.9.1.el5"
"2.6.18-371.11.1.el5"
"2.6.18-371.12.1.el5"
"2.6.18-398.el5"
"2.6.18-400.el5"
"2.6.18-400.1.1.el5"
"2.6.18-402.el5"
"2.6.18-404.el5"
"2.6.18-406.el5"
"2.6.18-407.el5"
"2.6.18-408.el5"
"2.6.18-409.el5"
"2.6.18-410.el5"
"2.6.18-411.el5"
"2.6.18-412.el5"
# RHEL6
"2.6.32-71.7.1.el6"
"2.6.32-71.14.1.el6"
"2.6.32-71.18.1.el6"
"2.6.32-71.18.2.el6"
"2.6.32-71.24.1.el6"
"2.6.32-71.29.1.el6"
"2.6.32-71.31.1.el6"
"2.6.32-71.34.1.el6"
"2.6.32-71.35.1.el6"
"2.6.32-71.36.1.el6"
"2.6.32-71.37.1.el6"
"2.6.32-71.38.1.el6"
"2.6.32-71.39.1.el6"
"2.6.32-71.40.1.el6"
"2.6.32-131.0.15.el6"
"2.6.32-131.2.1.el6"
"2.6.32-131.4.1.el6"
"2.6.32-131.6.1.el6"
"2.6.32-131.12.1.el6"
"2.6.32-131.17.1.el6"
"2.6.32-131.21.1.el6"
"2.6.32-131.22.1.el6"
"2.6.32-131.25.1.el6"
"2.6.32-131.26.1.el6"
"2.6.32-131.28.1.el6"
"2.6.32-131.29.1.el6"
"2.6.32-131.30.1.el6"
"2.6.32-131.30.2.el6"
"2.6.32-131.33.1.el6"
"2.6.32-131.35.1.el6"
"2.6.32-131.36.1.el6"
"2.6.32-131.37.1.el6"
"2.6.32-131.38.1.el6"
"2.6.32-131.39.1.el6"
"2.6.32-220.el6"
"2.6.32-220.2.1.el6"
"2.6.32-220.4.1.el6"
"2.6.32-220.4.2.el6"
"2.6.32-220.4.7.bgq.el6"
"2.6.32-220.7.1.el6"
"2.6.32-220.7.3.p7ih.el6"
"2.6.32-220.7.4.p7ih.el6"
"2.6.32-220.7.6.p7ih.el6"
"2.6.32-220.7.7.p7ih.el6"
"2.6.32-220.13.1.el6"
"2.6.32-220.17.1.el6"
"2.6.32-220.23.1.el6"
"2.6.32-220.24.1.el6"
"2.6.32-220.25.1.el6"
"2.6.32-220.26.1.el6"
"2.6.32-220.28.1.el6"
"2.6.32-220.30.1.el6"
"2.6.32-220.31.1.el6"
"2.6.32-220.32.1.el6"
"2.6.32-220.34.1.el6"
"2.6.32-220.34.2.el6"
"2.6.32-220.38.1.el6"
"2.6.32-220.39.1.el6"
"2.6.32-220.41.1.el6"
"2.6.32-220.42.1.el6"
"2.6.32-220.45.1.el6"
"2.6.32-220.46.1.el6"
"2.6.32-220.48.1.el6"
"2.6.32-220.51.1.el6"
"2.6.32-220.52.1.el6"
"2.6.32-220.53.1.el6"
"2.6.32-220.54.1.el6"
"2.6.32-220.55.1.el6"
"2.6.32-220.56.1.el6"
"2.6.32-220.57.1.el6"
"2.6.32-220.58.1.el6"
"2.6.32-220.60.2.el6"
"2.6.32-220.62.1.el6"
"2.6.32-220.63.2.el6"
"2.6.32-220.64.1.el6"
"2.6.32-220.65.1.el6"
"2.6.32-220.66.1.el6"
"2.6.32-220.67.1.el6"
"2.6.32-279.el6"
"2.6.32-279.1.1.el6"
"2.6.32-279.2.1.el6"
"2.6.32-279.5.1.el6"
"2.6.32-279.5.2.el6"
"2.6.32-279.9.1.el6"
"2.6.32-279.11.1.el6"
"2.6.32-279.14.1.bgq.el6"
"2.6.32-279.14.1.el6"
"2.6.32-279.19.1.el6"
"2.6.32-279.22.1.el6"
"2.6.32-279.23.1.el6"
"2.6.32-279.25.1.el6"
"2.6.32-279.25.2.el6"
"2.6.32-279.31.1.el6"
"2.6.32-279.33.1.el6"
"2.6.32-279.34.1.el6"
"2.6.32-279.37.2.el6"
"2.6.32-279.39.1.el6"
"2.6.32-279.41.1.el6"
"2.6.32-279.42.1.el6"
"2.6.32-279.43.1.el6"
"2.6.32-279.43.2.el6"
"2.6.32-279.46.1.el6"
"2.6.32-358.el6"
"2.6.32-358.0.1.el6"
"2.6.32-358.2.1.el6"
"2.6.32-358.6.1.el6"
"2.6.32-358.6.2.el6"
"2.6.32-358.6.3.p7ih.el6"
"2.6.32-358.11.1.bgq.el6"
"2.6.32-358.11.1.el6"
"2.6.32-358.14.1.el6"
"2.6.32-358.18.1.el6"
"2.6.32-358.23.2.el6"
"2.6.32-358.28.1.el6"
"2.6.32-358.32.3.el6"
"2.6.32-358.37.1.el6"
"2.6.32-358.41.1.el6"
"2.6.32-358.44.1.el6"
"2.6.32-358.46.1.el6"
"2.6.32-358.46.2.el6"
"2.6.32-358.48.1.el6"
"2.6.32-358.49.1.el6"
"2.6.32-358.51.1.el6"
"2.6.32-358.51.2.el6"
"2.6.32-358.55.1.el6"
"2.6.32-358.56.1.el6"
"2.6.32-358.59.1.el6"
"2.6.32-358.61.1.el6"
"2.6.32-358.62.1.el6"
"2.6.32-358.65.1.el6"
"2.6.32-358.67.1.el6"
"2.6.32-358.68.1.el6"
"2.6.32-358.69.1.el6"
"2.6.32-358.70.1.el6"
"2.6.32-358.71.1.el6"
"2.6.32-358.72.1.el6"
"2.6.32-358.73.1.el6"
"2.6.32-358.111.1.openstack.el6"
"2.6.32-358.114.1.openstack.el6"
"2.6.32-358.118.1.openstack.el6"
"2.6.32-358.123.4.openstack.el6"
"2.6.32-431.el6"
"2.6.32-431.1.1.bgq.el6"
"2.6.32-431.1.2.el6"
"2.6.32-431.3.1.el6"
"2.6.32-431.5.1.el6"
"2.6.32-431.11.2.el6"
"2.6.32-431.17.1.el6"
"2.6.32-431.20.3.el6"
"2.6.32-431.20.5.el6"
"2.6.32-431.23.3.el6"
"2.6.32-431.29.2.el6"
"2.6.32-431.37.1.el6"
"2.6.32-431.40.1.el6"
"2.6.32-431.40.2.el6"
"2.6.32-431.46.2.el6"
"2.6.32-431.50.1.el6"
"2.6.32-431.53.2.el6"
"2.6.32-431.56.1.el6"
"2.6.32-431.59.1.el6"
"2.6.32-431.61.2.el6"
"2.6.32-431.64.1.el6"
"2.6.32-431.66.1.el6"
"2.6.32-431.68.1.el6"
"2.6.32-431.69.1.el6"
"2.6.32-431.70.1.el6"
"2.6.32-431.71.1.el6"
"2.6.32-431.72.1.el6"
"2.6.32-431.73.2.el6"
"2.6.32-431.74.1.el6"
"2.6.32-504.el6"
"2.6.32-504.1.3.el6"
"2.6.32-504.3.3.el6"
"2.6.32-504.8.1.el6"
"2.6.32-504.8.2.bgq.el6"
"2.6.32-504.12.2.el6"
"2.6.32-504.16.2.el6"
"2.6.32-504.23.4.el6"
"2.6.32-504.30.3.el6"
"2.6.32-504.30.5.p7ih.el6"
"2.6.32-504.33.2.el6"
"2.6.32-504.36.1.el6"
"2.6.32-504.38.1.el6"
"2.6.32-504.40.1.el6"
"2.6.32-504.43.1.el6"
"2.6.32-504.46.1.el6"
"2.6.32-504.49.1.el6"
"2.6.32-504.50.1.el6"
"2.6.32-504.51.1.el6"
"2.6.32-504.52.1.el6"
"2.6.32-573.el6"
"2.6.32-573.1.1.el6"
"2.6.32-573.3.1.el6"
"2.6.32-573.4.2.bgq.el6"
"2.6.32-573.7.1.el6"
"2.6.32-573.8.1.el6"
"2.6.32-573.12.1.el6"
"2.6.32-573.18.1.el6"
"2.6.32-573.22.1.el6"
"2.6.32-573.26.1.el6"
"2.6.32-573.30.1.el6"
"2.6.32-573.32.1.el6"
"2.6.32-573.34.1.el6"
"2.6.32-642.el6"
"2.6.32-642.1.1.el6"
"2.6.32-642.3.1.el6"
"2.6.32-642.4.2.el6"
"2.6.32-642.6.1.el6"
# RHEL7
"3.10.0-123.el7"
"3.10.0-123.1.2.el7"
"3.10.0-123.4.2.el7"
"3.10.0-123.4.4.el7"
"3.10.0-123.6.3.el7"
"3.10.0-123.8.1.el7"
"3.10.0-123.9.2.el7"
"3.10.0-123.9.3.el7"
"3.10.0-123.13.1.el7"
"3.10.0-123.13.2.el7"
"3.10.0-123.20.1.el7"
"3.10.0-229.el7"
"3.10.0-229.1.2.el7"
"3.10.0-229.4.2.el7"
"3.10.0-229.7.2.el7"
"3.10.0-229.11.1.el7"
"3.10.0-229.14.1.el7"
"3.10.0-229.20.1.el7"
"3.10.0-229.24.2.el7"
"3.10.0-229.26.2.el7"
"3.10.0-229.28.1.el7"
"3.10.0-229.30.1.el7"
"3.10.0-229.34.1.el7"
"3.10.0-229.38.1.el7"
"3.10.0-229.40.1.el7"
"3.10.0-229.42.1.el7"
"3.10.0-327.el7"
"3.10.0-327.3.1.el7"
"3.10.0-327.4.4.el7"
"3.10.0-327.4.5.el7"
"3.10.0-327.10.1.el7"
"3.10.0-327.13.1.el7"
"3.10.0-327.18.2.el7"
"3.10.0-327.22.2.el7"
"3.10.0-327.28.2.el7"
"3.10.0-327.28.3.el7"
"3.10.0-327.36.1.el7"
"3.10.0-327.36.2.el7"
"3.10.0-229.1.2.ael7b"
"3.10.0-229.4.2.ael7b"
"3.10.0-229.7.2.ael7b"
"3.10.0-229.11.1.ael7b"
"3.10.0-229.14.1.ael7b"
"3.10.0-229.20.1.ael7b"
"3.10.0-229.24.2.ael7b"
"3.10.0-229.26.2.ael7b"
"3.10.0-229.28.1.ael7b"
"3.10.0-229.30.1.ael7b"
"3.10.0-229.34.1.ael7b"
"3.10.0-229.38.1.ael7b"
"3.10.0-229.40.1.ael7b"
"3.10.0-229.42.1.ael7b"
"4.2.0-0.21.el7"
# RHEL5
"2.6.24.7-74.el5rt"
"2.6.24.7-81.el5rt"
"2.6.24.7-93.el5rt"
"2.6.24.7-101.el5rt"
"2.6.24.7-108.el5rt"
"2.6.24.7-111.el5rt"
"2.6.24.7-117.el5rt"
"2.6.24.7-126.el5rt"
"2.6.24.7-132.el5rt"
"2.6.24.7-137.el5rt"
"2.6.24.7-139.el5rt"
"2.6.24.7-146.el5rt"
"2.6.24.7-149.el5rt"
"2.6.24.7-161.el5rt"
"2.6.24.7-169.el5rt"
"2.6.33.7-rt29.45.el5rt"
"2.6.33.7-rt29.47.el5rt"
"2.6.33.7-rt29.55.el5rt"
"2.6.33.9-rt31.64.el5rt"
"2.6.33.9-rt31.67.el5rt"
"2.6.33.9-rt31.86.el5rt"
# RHEL6
"2.6.33.9-rt31.66.el6rt"
"2.6.33.9-rt31.74.el6rt"
"2.6.33.9-rt31.75.el6rt"
"2.6.33.9-rt31.79.el6rt"
"3.0.9-rt26.45.el6rt"
"3.0.9-rt26.46.el6rt"
"3.0.18-rt34.53.el6rt"
"3.0.25-rt44.57.el6rt"
"3.0.30-rt50.62.el6rt"
"3.0.36-rt57.66.el6rt"
"3.2.23-rt37.56.el6rt"
"3.2.33-rt50.66.el6rt"
"3.6.11-rt28.20.el6rt"
"3.6.11-rt30.25.el6rt"
"3.6.11.2-rt33.39.el6rt"
"3.6.11.5-rt37.55.el6rt"
"3.8.13-rt14.20.el6rt"
"3.8.13-rt14.25.el6rt"
"3.8.13-rt27.33.el6rt"
"3.8.13-rt27.34.el6rt"
"3.8.13-rt27.40.el6rt"
"3.10.0-229.rt56.144.el6rt"
"3.10.0-229.rt56.147.el6rt"
"3.10.0-229.rt56.149.el6rt"
"3.10.0-229.rt56.151.el6rt"
"3.10.0-229.rt56.153.el6rt"
"3.10.0-229.rt56.158.el6rt"
"3.10.0-229.rt56.161.el6rt"
"3.10.0-229.rt56.162.el6rt"
"3.10.0-327.rt56.170.el6rt"
"3.10.0-327.rt56.171.el6rt"
"3.10.0-327.rt56.176.el6rt"
"3.10.0-327.rt56.183.el6rt"
"3.10.0-327.rt56.190.el6rt"
"3.10.0-327.rt56.194.el6rt"
"3.10.0-327.rt56.195.el6rt"
"3.10.0-327.rt56.197.el6rt"
"3.10.33-rt32.33.el6rt"
"3.10.33-rt32.34.el6rt"
"3.10.33-rt32.43.el6rt"
"3.10.33-rt32.45.el6rt"
"3.10.33-rt32.51.el6rt"
"3.10.33-rt32.52.el6rt"
"3.10.58-rt62.58.el6rt"
"3.10.58-rt62.60.el6rt"
# RHEL7
"3.10.0-229.rt56.141.el7"
"3.10.0-229.1.2.rt56.141.2.el7_1"
"3.10.0-229.4.2.rt56.141.6.el7_1"
"3.10.0-229.7.2.rt56.141.6.el7_1"
"3.10.0-229.11.1.rt56.141.11.el7_1"
"3.10.0-229.14.1.rt56.141.13.el7_1"
"3.10.0-229.20.1.rt56.141.14.el7_1"
"3.10.0-229.rt56.141.el7"
"3.10.0-327.rt56.204.el7"
"3.10.0-327.4.5.rt56.206.el7_2"
"3.10.0-327.10.1.rt56.211.el7_2"
"3.10.0-327.13.1.rt56.216.el7_2"
"3.10.0-327.18.2.rt56.223.el7_2"
"3.10.0-327.22.2.rt56.230.el7_2"
"3.10.0-327.28.2.rt56.234.el7_2"
"3.10.0-327.28.3.rt56.235.el7"
"3.10.0-327.36.1.rt56.237.el7"
)
KPATCH_MODULE_NAMES=(
"kpatch_3_10_0_327_36_1_1_1"
"kpatch_3_10_0_327_36_2_1_1"
"kpatch_3_10_0_229_4_2_1_1"
"kpatch_3_10_0_327_28_3_1_1"
"kpatch_3_10_0_327_28_2_1_1"
"kpatch_3_10_0_327_13_1_1_1"
"kpatch_3_10_0_327_10_1_1_2"
"kpatch_3_10_0_327_4_5_1_1"
"kpatch_3_10_0_229_14_1_1_1"
"kpatch_3_10_0_229_42_1_1_1"
"kpatch_3_10_0_327_22_2_1_2"
)
running_kernel=$( uname -r )
# Check supported platform
if [[ "$running_kernel" != *".el"[5-7]* ]]; then
echo -e "${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}"
exit 4
fi
# Check kernel if it is vulnerable
for tested_kernel in "${VULNERABLE_VERSIONS[@]}"; do
if [[ "$running_kernel" == *"$tested_kernel"* ]]; then
vulnerable_kernel=${running_kernel}
break
fi
done
# Check if kpatch is installed
modules=$( lsmod )
for tested_kpatch in "${KPATCH_MODULE_NAMES[@]}"; do
if [[ "$modules" == *"$tested_kpatch"* ]]; then
applied_kpatch=${tested_kpatch}
break
fi
done
# Check mitigation
mitigated=0
while read -r line; do
if [[ "$line" == *"$MITIGATION_ON"* ]]; then
mitigated=1
elif [[ "$line" == *"$MITIGATION_OFF"* ]]; then
mitigated=0
fi
done < <( dmesg )
# Result interpretation
result=${VULNERABLE}
if (( mitigated )); then
result=${MITIGATED}
fi
if [[ ! "$vulnerable_kernel" ]]; then
result=${SAFE_KERNEL}
elif [[ "$applied_kpatch" ]]; then
result=${SAFE_KPATCH}
fi
# Print result
if [[ ${result} == "$SAFE_KERNEL" ]]; then
echo -e "${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}"
exit 0
elif [[ ${result} == "$SAFE_KPATCH" ]]; then
echo -e "Your kernel is $running_kernel which is normally vulnerable."
echo -e "${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}"
exit 1
elif [[ ${result} == "$MITIGATED" ]]; then
echo -e "${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}"
echo -e "${YELLOW}You have a partial mitigation applied.${RESET}"
echo -e "This mitigation protects against most common attack vectors which are already exploited in the wild,"
echo -e "but does not protect against all possible attack vectors."
echo -e "Red Hat recommends that you update your kernel as soon as possible."
exit 2
else
echo -e "${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}"
echo -e "Red Hat recommends that you update your kernel. Alternatively, you can apply partial"
echo -e "mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 ."
exit 3
run it as below
Ex : ./bug-checker.sh it will show you whether your system is affected or not.
How to Apply Fix if affected
Once you know that you system is affected, you have to update the kernel for your system to get rid of this bug, but you need to know based on you system which version of kernel would be needed to resolve this issue, So here is the base version list as per OS version which you need to install. Minimum this version would be needed to to clean the dirty COW :)RHEL 5 :
kernel-2.6.18-416
kernel-devel-2.6.18
kernel-headers-2.6.18
RHEL 6 :
kernel-2.6.32
kernel-devel-2.6.32
kernel-headers-2.6.32
RHEL 7
kernel-3.10.0
kernel-devel-3.10.0
kernel-headers-3.10.0
Ubuntu
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
Debian
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
Note : And reboot required for new kernel to take effect
Preparation :
Your server might be important to you and for that you need to follow below steps so that after reboot all the services should be running as previousरिबूट के पहले (Before Reboot) :
As you have done with installing kernel packages make sure to check- All the necessary services are made chkconfig to start upon server reboot
- If you have any mount points it should be umount first and need to remount after server reboot
- Take backup of Database if you are rebooting the mysql production just a precautionary measure.
- Put the site on maintenance mode by showing 503 status code
- reboot the server.
रिबूट के बाद (After Reboot) :
- Check new version of Kernel is showing or not by running command uname -a
- Run above script again to verify.
- Check if all necessary services are UP and running.
- Check mounts points
- Check if emails are going or not.
- Check connectivity between server.
- Check the production/stage site hosted on a server.
References :
- https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability
- https://access.redhat.com/security/vulnerabilities/2706661
- https://dirtycow.ninja/
support@linuxforeveryone.com