Recently the Linux world came across yet another bug that is haunting *nix users all over the world. This bug has been given the name COW, and its associated CVE number is CVE-2016-5195.
It's kind of funny how these bugs get their names. This one grabbed my attention when I first heard it called COW! I laughed out loud, like, what? :)
support@linuxforeveryone.com
Background :
Later, when I started reading about this bug in detail, I got to know how it got its name: it comes from the "copy-on-write" (COW) technique which the Linux kernel uses to maintain private read-only memory mappings. This technique has had a flaw in it since 2007, woohooo, that was way long back.
In other words, this bug allows a server to become completely compromised through local privilege escalation. The vulnerability is specific to the Linux kernel, and exploiting it requires a local system user (compromised or not) to run malicious code to obtain admin privileges. Despite this requirement, it is a high-priority issue that should be patched as soon as possible due to its severity.
How to Check if your System is vulnerable:
Run the script below to check whether your system is affected by this bug. The script only recognizes Red Hat Enterprise Linux 5, 6 and 7 kernels.
Copy and paste the content below into a file, say bug-checker.sh, and give it executable permission.
#!/bin/bash
# Version: 1.3

RED="\033[1;31m"
YELLOW="\033[1;33m"
GREEN="\033[1;32m"
BOLD="\033[1m"
RESET="\033[0m"

SAFE_KERNEL="SAFE_KERNEL"
SAFE_KPATCH="SAFE_KPATCH"
MITIGATED="MITIGATED"
VULNERABLE="VULNERABLE"

MITIGATION_ON='CVE-2016-5195 mitigation loaded'
MITIGATION_OFF='CVE-2016-5195 mitigation unloaded'

VULNERABLE_VERSIONS=(
    # RHEL5
    "2.6.18-8.1.1.el5" "2.6.18-8.1.3.el5" "2.6.18-8.1.4.el5" "2.6.18-8.1.6.el5"
    "2.6.18-8.1.8.el5" "2.6.18-8.1.10.el5" "2.6.18-8.1.14.el5" "2.6.18-8.1.15.el5"
    "2.6.18-53.el5" "2.6.18-53.1.4.el5" "2.6.18-53.1.6.el5" "2.6.18-53.1.13.el5"
    "2.6.18-53.1.14.el5" "2.6.18-53.1.19.el5" "2.6.18-53.1.21.el5" "2.6.18-92.el5"
    "2.6.18-92.1.1.el5" "2.6.18-92.1.6.el5" "2.6.18-92.1.10.el5" "2.6.18-92.1.13.el5"
    "2.6.18-92.1.18.el5" "2.6.18-92.1.22.el5" "2.6.18-92.1.24.el5" "2.6.18-92.1.26.el5"
    "2.6.18-92.1.27.el5" "2.6.18-92.1.28.el5" "2.6.18-92.1.29.el5" "2.6.18-92.1.32.el5"
    "2.6.18-92.1.35.el5" "2.6.18-92.1.38.el5" "2.6.18-128.el5" "2.6.18-128.1.1.el5"
    "2.6.18-128.1.6.el5" "2.6.18-128.1.10.el5" "2.6.18-128.1.14.el5" "2.6.18-128.1.16.el5"
    "2.6.18-128.2.1.el5" "2.6.18-128.4.1.el5" "2.6.18-128.4.1.el5" "2.6.18-128.7.1.el5"
    "2.6.18-128.8.1.el5" "2.6.18-128.11.1.el5" "2.6.18-128.12.1.el5" "2.6.18-128.14.1.el5"
    "2.6.18-128.16.1.el5" "2.6.18-128.17.1.el5" "2.6.18-128.18.1.el5" "2.6.18-128.23.1.el5"
    "2.6.18-128.23.2.el5" "2.6.18-128.25.1.el5" "2.6.18-128.26.1.el5" "2.6.18-128.27.1.el5"
    "2.6.18-128.29.1.el5" "2.6.18-128.30.1.el5" "2.6.18-128.31.1.el5" "2.6.18-128.32.1.el5"
    "2.6.18-128.35.1.el5" "2.6.18-128.36.1.el5" "2.6.18-128.37.1.el5" "2.6.18-128.38.1.el5"
    "2.6.18-128.39.1.el5" "2.6.18-128.40.1.el5" "2.6.18-128.41.1.el5" "2.6.18-164.el5"
    "2.6.18-164.2.1.el5" "2.6.18-164.6.1.el5" "2.6.18-164.9.1.el5" "2.6.18-164.10.1.el5"
    "2.6.18-164.11.1.el5" "2.6.18-164.15.1.el5" "2.6.18-164.17.1.el5" "2.6.18-164.19.1.el5"
    "2.6.18-164.21.1.el5" "2.6.18-164.25.1.el5" "2.6.18-164.25.2.el5" "2.6.18-164.28.1.el5"
    "2.6.18-164.30.1.el5" "2.6.18-164.32.1.el5" "2.6.18-164.34.1.el5" "2.6.18-164.36.1.el5"
    "2.6.18-164.37.1.el5" "2.6.18-164.38.1.el5" "2.6.18-194.el5" "2.6.18-194.3.1.el5"
    "2.6.18-194.8.1.el5" "2.6.18-194.11.1.el5" "2.6.18-194.11.3.el5" "2.6.18-194.11.4.el5"
    "2.6.18-194.17.1.el5" "2.6.18-194.17.4.el5" "2.6.18-194.26.1.el5" "2.6.18-194.32.1.el5"
    "2.6.18-238.el5" "2.6.18-238.1.1.el5" "2.6.18-238.5.1.el5" "2.6.18-238.9.1.el5"
    "2.6.18-238.12.1.el5" "2.6.18-238.19.1.el5" "2.6.18-238.21.1.el5" "2.6.18-238.27.1.el5"
    "2.6.18-238.28.1.el5" "2.6.18-238.31.1.el5" "2.6.18-238.33.1.el5" "2.6.18-238.35.1.el5"
    "2.6.18-238.37.1.el5" "2.6.18-238.39.1.el5" "2.6.18-238.40.1.el5" "2.6.18-238.44.1.el5"
    "2.6.18-238.45.1.el5" "2.6.18-238.47.1.el5" "2.6.18-238.48.1.el5" "2.6.18-238.49.1.el5"
    "2.6.18-238.50.1.el5" "2.6.18-238.51.1.el5" "2.6.18-238.52.1.el5" "2.6.18-238.53.1.el5"
    "2.6.18-238.54.1.el5" "2.6.18-238.55.1.el5" "2.6.18-238.56.1.el5" "2.6.18-274.el5"
    "2.6.18-274.3.1.el5" "2.6.18-274.7.1.el5" "2.6.18-274.12.1.el5" "2.6.18-274.17.1.el5"
    "2.6.18-274.18.1.el5" "2.6.18-308.el5" "2.6.18-308.1.1.el5" "2.6.18-308.4.1.el5"
    "2.6.18-308.8.1.el5" "2.6.18-308.8.2.el5" "2.6.18-308.11.1.el5" "2.6.18-308.13.1.el5"
    "2.6.18-308.16.1.el5" "2.6.18-308.20.1.el5" "2.6.18-308.24.1.el5" "2.6.18-348.el5"
    "2.6.18-348.1.1.el5" "2.6.18-348.2.1.el5" "2.6.18-348.3.1.el5" "2.6.18-348.4.1.el5"
    "2.6.18-348.6.1.el5" "2.6.18-348.12.1.el5" "2.6.18-348.16.1.el5" "2.6.18-348.18.1.el5"
    "2.6.18-348.19.1.el5" "2.6.18-348.21.1.el5" "2.6.18-348.22.1.el5" "2.6.18-348.23.1.el5"
    "2.6.18-348.25.1.el5" "2.6.18-348.27.1.el5" "2.6.18-348.28.1.el5" "2.6.18-348.29.1.el5"
    "2.6.18-348.30.1.el5" "2.6.18-348.31.2.el5" "2.6.18-371.el5" "2.6.18-371.1.2.el5"
    "2.6.18-371.3.1.el5" "2.6.18-371.4.1.el5" "2.6.18-371.6.1.el5" "2.6.18-371.8.1.el5"
    "2.6.18-371.9.1.el5" "2.6.18-371.11.1.el5" "2.6.18-371.12.1.el5" "2.6.18-398.el5"
    "2.6.18-400.el5" "2.6.18-400.1.1.el5" "2.6.18-402.el5" "2.6.18-404.el5"
    "2.6.18-406.el5" "2.6.18-407.el5" "2.6.18-408.el5" "2.6.18-409.el5"
    "2.6.18-410.el5" "2.6.18-411.el5" "2.6.18-412.el5"

    # RHEL6
    "2.6.32-71.7.1.el6" "2.6.32-71.14.1.el6" "2.6.32-71.18.1.el6" "2.6.32-71.18.2.el6"
    "2.6.32-71.24.1.el6" "2.6.32-71.29.1.el6" "2.6.32-71.31.1.el6" "2.6.32-71.34.1.el6"
    "2.6.32-71.35.1.el6" "2.6.32-71.36.1.el6" "2.6.32-71.37.1.el6" "2.6.32-71.38.1.el6"
    "2.6.32-71.39.1.el6" "2.6.32-71.40.1.el6" "2.6.32-131.0.15.el6" "2.6.32-131.2.1.el6"
    "2.6.32-131.4.1.el6" "2.6.32-131.6.1.el6" "2.6.32-131.12.1.el6" "2.6.32-131.17.1.el6"
    "2.6.32-131.21.1.el6" "2.6.32-131.22.1.el6" "2.6.32-131.25.1.el6" "2.6.32-131.26.1.el6"
    "2.6.32-131.28.1.el6" "2.6.32-131.29.1.el6" "2.6.32-131.30.1.el6" "2.6.32-131.30.2.el6"
    "2.6.32-131.33.1.el6" "2.6.32-131.35.1.el6" "2.6.32-131.36.1.el6" "2.6.32-131.37.1.el6"
    "2.6.32-131.38.1.el6" "2.6.32-131.39.1.el6" "2.6.32-220.el6" "2.6.32-220.2.1.el6"
    "2.6.32-220.4.1.el6" "2.6.32-220.4.2.el6" "2.6.32-220.4.7.bgq.el6" "2.6.32-220.7.1.el6"
    "2.6.32-220.7.3.p7ih.el6" "2.6.32-220.7.4.p7ih.el6" "2.6.32-220.7.6.p7ih.el6" "2.6.32-220.7.7.p7ih.el6"
    "2.6.32-220.13.1.el6" "2.6.32-220.17.1.el6" "2.6.32-220.23.1.el6" "2.6.32-220.24.1.el6"
    "2.6.32-220.25.1.el6" "2.6.32-220.26.1.el6" "2.6.32-220.28.1.el6" "2.6.32-220.30.1.el6"
    "2.6.32-220.31.1.el6" "2.6.32-220.32.1.el6" "2.6.32-220.34.1.el6" "2.6.32-220.34.2.el6"
    "2.6.32-220.38.1.el6" "2.6.32-220.39.1.el6" "2.6.32-220.41.1.el6" "2.6.32-220.42.1.el6"
    "2.6.32-220.45.1.el6" "2.6.32-220.46.1.el6" "2.6.32-220.48.1.el6" "2.6.32-220.51.1.el6"
    "2.6.32-220.52.1.el6" "2.6.32-220.53.1.el6" "2.6.32-220.54.1.el6" "2.6.32-220.55.1.el6"
    "2.6.32-220.56.1.el6" "2.6.32-220.57.1.el6" "2.6.32-220.58.1.el6" "2.6.32-220.60.2.el6"
    "2.6.32-220.62.1.el6" "2.6.32-220.63.2.el6" "2.6.32-220.64.1.el6" "2.6.32-220.65.1.el6"
    "2.6.32-220.66.1.el6" "2.6.32-220.67.1.el6" "2.6.32-279.el6" "2.6.32-279.1.1.el6"
    "2.6.32-279.2.1.el6" "2.6.32-279.5.1.el6" "2.6.32-279.5.2.el6" "2.6.32-279.9.1.el6"
    "2.6.32-279.11.1.el6" "2.6.32-279.14.1.bgq.el6" "2.6.32-279.14.1.el6" "2.6.32-279.19.1.el6"
    "2.6.32-279.22.1.el6" "2.6.32-279.23.1.el6" "2.6.32-279.25.1.el6" "2.6.32-279.25.2.el6"
    "2.6.32-279.31.1.el6" "2.6.32-279.33.1.el6" "2.6.32-279.34.1.el6" "2.6.32-279.37.2.el6"
    "2.6.32-279.39.1.el6" "2.6.32-279.41.1.el6" "2.6.32-279.42.1.el6" "2.6.32-279.43.1.el6"
    "2.6.32-279.43.2.el6" "2.6.32-279.46.1.el6" "2.6.32-358.el6" "2.6.32-358.0.1.el6"
    "2.6.32-358.2.1.el6" "2.6.32-358.6.1.el6" "2.6.32-358.6.2.el6" "2.6.32-358.6.3.p7ih.el6"
    "2.6.32-358.11.1.bgq.el6" "2.6.32-358.11.1.el6" "2.6.32-358.14.1.el6" "2.6.32-358.18.1.el6"
    "2.6.32-358.23.2.el6" "2.6.32-358.28.1.el6" "2.6.32-358.32.3.el6" "2.6.32-358.37.1.el6"
    "2.6.32-358.41.1.el6" "2.6.32-358.44.1.el6" "2.6.32-358.46.1.el6" "2.6.32-358.46.2.el6"
    "2.6.32-358.48.1.el6" "2.6.32-358.49.1.el6" "2.6.32-358.51.1.el6" "2.6.32-358.51.2.el6"
    "2.6.32-358.55.1.el6" "2.6.32-358.56.1.el6" "2.6.32-358.59.1.el6" "2.6.32-358.61.1.el6"
    "2.6.32-358.62.1.el6" "2.6.32-358.65.1.el6" "2.6.32-358.67.1.el6" "2.6.32-358.68.1.el6"
    "2.6.32-358.69.1.el6" "2.6.32-358.70.1.el6" "2.6.32-358.71.1.el6" "2.6.32-358.72.1.el6"
    "2.6.32-358.73.1.el6" "2.6.32-358.111.1.openstack.el6" "2.6.32-358.114.1.openstack.el6" "2.6.32-358.118.1.openstack.el6"
    "2.6.32-358.123.4.openstack.el6" "2.6.32-431.el6" "2.6.32-431.1.1.bgq.el6" "2.6.32-431.1.2.el6"
    "2.6.32-431.3.1.el6" "2.6.32-431.5.1.el6" "2.6.32-431.11.2.el6" "2.6.32-431.17.1.el6"
    "2.6.32-431.20.3.el6" "2.6.32-431.20.5.el6" "2.6.32-431.23.3.el6" "2.6.32-431.29.2.el6"
    "2.6.32-431.37.1.el6" "2.6.32-431.40.1.el6" "2.6.32-431.40.2.el6" "2.6.32-431.46.2.el6"
    "2.6.32-431.50.1.el6" "2.6.32-431.53.2.el6" "2.6.32-431.56.1.el6" "2.6.32-431.59.1.el6"
    "2.6.32-431.61.2.el6" "2.6.32-431.64.1.el6" "2.6.32-431.66.1.el6" "2.6.32-431.68.1.el6"
    "2.6.32-431.69.1.el6" "2.6.32-431.70.1.el6" "2.6.32-431.71.1.el6" "2.6.32-431.72.1.el6"
    "2.6.32-431.73.2.el6" "2.6.32-431.74.1.el6" "2.6.32-504.el6" "2.6.32-504.1.3.el6"
    "2.6.32-504.3.3.el6" "2.6.32-504.8.1.el6" "2.6.32-504.8.2.bgq.el6" "2.6.32-504.12.2.el6"
    "2.6.32-504.16.2.el6" "2.6.32-504.23.4.el6" "2.6.32-504.30.3.el6" "2.6.32-504.30.5.p7ih.el6"
    "2.6.32-504.33.2.el6" "2.6.32-504.36.1.el6" "2.6.32-504.38.1.el6" "2.6.32-504.40.1.el6"
    "2.6.32-504.43.1.el6" "2.6.32-504.46.1.el6" "2.6.32-504.49.1.el6" "2.6.32-504.50.1.el6"
    "2.6.32-504.51.1.el6" "2.6.32-504.52.1.el6" "2.6.32-573.el6" "2.6.32-573.1.1.el6"
    "2.6.32-573.3.1.el6" "2.6.32-573.4.2.bgq.el6" "2.6.32-573.7.1.el6" "2.6.32-573.8.1.el6"
    "2.6.32-573.12.1.el6" "2.6.32-573.18.1.el6" "2.6.32-573.22.1.el6" "2.6.32-573.26.1.el6"
    "2.6.32-573.30.1.el6" "2.6.32-573.32.1.el6" "2.6.32-573.34.1.el6" "2.6.32-642.el6"
    "2.6.32-642.1.1.el6" "2.6.32-642.3.1.el6" "2.6.32-642.4.2.el6" "2.6.32-642.6.1.el6"

    # RHEL7
    "3.10.0-123.el7" "3.10.0-123.1.2.el7" "3.10.0-123.4.2.el7" "3.10.0-123.4.4.el7"
    "3.10.0-123.6.3.el7" "3.10.0-123.8.1.el7" "3.10.0-123.9.2.el7" "3.10.0-123.9.3.el7"
    "3.10.0-123.13.1.el7" "3.10.0-123.13.2.el7" "3.10.0-123.20.1.el7" "3.10.0-229.el7"
    "3.10.0-229.1.2.el7" "3.10.0-229.4.2.el7" "3.10.0-229.7.2.el7" "3.10.0-229.11.1.el7"
    "3.10.0-229.14.1.el7" "3.10.0-229.20.1.el7" "3.10.0-229.24.2.el7" "3.10.0-229.26.2.el7"
    "3.10.0-229.28.1.el7" "3.10.0-229.30.1.el7" "3.10.0-229.34.1.el7" "3.10.0-229.38.1.el7"
    "3.10.0-229.40.1.el7" "3.10.0-229.42.1.el7" "3.10.0-327.el7" "3.10.0-327.3.1.el7"
    "3.10.0-327.4.4.el7" "3.10.0-327.4.5.el7" "3.10.0-327.10.1.el7" "3.10.0-327.13.1.el7"
    "3.10.0-327.18.2.el7" "3.10.0-327.22.2.el7" "3.10.0-327.28.2.el7" "3.10.0-327.28.3.el7"
    "3.10.0-327.36.1.el7" "3.10.0-327.36.2.el7" "3.10.0-229.1.2.ael7b" "3.10.0-229.4.2.ael7b"
    "3.10.0-229.7.2.ael7b" "3.10.0-229.11.1.ael7b" "3.10.0-229.14.1.ael7b" "3.10.0-229.20.1.ael7b"
    "3.10.0-229.24.2.ael7b" "3.10.0-229.26.2.ael7b" "3.10.0-229.28.1.ael7b" "3.10.0-229.30.1.ael7b"
    "3.10.0-229.34.1.ael7b" "3.10.0-229.38.1.ael7b" "3.10.0-229.40.1.ael7b" "3.10.0-229.42.1.ael7b"
    "4.2.0-0.21.el7"

    # RHEL5
    "2.6.24.7-74.el5rt" "2.6.24.7-81.el5rt" "2.6.24.7-93.el5rt" "2.6.24.7-101.el5rt"
    "2.6.24.7-108.el5rt" "2.6.24.7-111.el5rt" "2.6.24.7-117.el5rt" "2.6.24.7-126.el5rt"
    "2.6.24.7-132.el5rt" "2.6.24.7-137.el5rt" "2.6.24.7-139.el5rt" "2.6.24.7-146.el5rt"
    "2.6.24.7-149.el5rt" "2.6.24.7-161.el5rt" "2.6.24.7-169.el5rt" "2.6.33.7-rt29.45.el5rt"
    "2.6.33.7-rt29.47.el5rt" "2.6.33.7-rt29.55.el5rt" "2.6.33.9-rt31.64.el5rt" "2.6.33.9-rt31.67.el5rt"
    "2.6.33.9-rt31.86.el5rt"

    # RHEL6
    "2.6.33.9-rt31.66.el6rt" "2.6.33.9-rt31.74.el6rt" "2.6.33.9-rt31.75.el6rt" "2.6.33.9-rt31.79.el6rt"
    "3.0.9-rt26.45.el6rt" "3.0.9-rt26.46.el6rt" "3.0.18-rt34.53.el6rt" "3.0.25-rt44.57.el6rt"
    "3.0.30-rt50.62.el6rt" "3.0.36-rt57.66.el6rt" "3.2.23-rt37.56.el6rt" "3.2.33-rt50.66.el6rt"
    "3.6.11-rt28.20.el6rt" "3.6.11-rt30.25.el6rt" "3.6.11.2-rt33.39.el6rt" "3.6.11.5-rt37.55.el6rt"
    "3.8.13-rt14.20.el6rt" "3.8.13-rt14.25.el6rt" "3.8.13-rt27.33.el6rt" "3.8.13-rt27.34.el6rt"
    "3.8.13-rt27.40.el6rt" "3.10.0-229.rt56.144.el6rt" "3.10.0-229.rt56.147.el6rt" "3.10.0-229.rt56.149.el6rt"
    "3.10.0-229.rt56.151.el6rt" "3.10.0-229.rt56.153.el6rt" "3.10.0-229.rt56.158.el6rt" "3.10.0-229.rt56.161.el6rt"
    "3.10.0-229.rt56.162.el6rt" "3.10.0-327.rt56.170.el6rt" "3.10.0-327.rt56.171.el6rt" "3.10.0-327.rt56.176.el6rt"
    "3.10.0-327.rt56.183.el6rt" "3.10.0-327.rt56.190.el6rt" "3.10.0-327.rt56.194.el6rt" "3.10.0-327.rt56.195.el6rt"
    "3.10.0-327.rt56.197.el6rt" "3.10.33-rt32.33.el6rt" "3.10.33-rt32.34.el6rt" "3.10.33-rt32.43.el6rt"
    "3.10.33-rt32.45.el6rt" "3.10.33-rt32.51.el6rt" "3.10.33-rt32.52.el6rt" "3.10.58-rt62.58.el6rt"
    "3.10.58-rt62.60.el6rt"

    # RHEL7
    "3.10.0-229.rt56.141.el7" "3.10.0-229.1.2.rt56.141.2.el7_1" "3.10.0-229.4.2.rt56.141.6.el7_1"
    "3.10.0-229.7.2.rt56.141.6.el7_1" "3.10.0-229.11.1.rt56.141.11.el7_1" "3.10.0-229.14.1.rt56.141.13.el7_1"
    "3.10.0-229.20.1.rt56.141.14.el7_1" "3.10.0-229.rt56.141.el7" "3.10.0-327.rt56.204.el7"
    "3.10.0-327.4.5.rt56.206.el7_2" "3.10.0-327.10.1.rt56.211.el7_2" "3.10.0-327.13.1.rt56.216.el7_2"
    "3.10.0-327.18.2.rt56.223.el7_2" "3.10.0-327.22.2.rt56.230.el7_2" "3.10.0-327.28.2.rt56.234.el7_2"
    "3.10.0-327.28.3.rt56.235.el7" "3.10.0-327.36.1.rt56.237.el7"
)

KPATCH_MODULE_NAMES=(
    "kpatch_3_10_0_327_36_1_1_1"
    "kpatch_3_10_0_327_36_2_1_1"
    "kpatch_3_10_0_229_4_2_1_1"
    "kpatch_3_10_0_327_28_3_1_1"
    "kpatch_3_10_0_327_28_2_1_1"
    "kpatch_3_10_0_327_13_1_1_1"
    "kpatch_3_10_0_327_10_1_1_2"
    "kpatch_3_10_0_327_4_5_1_1"
    "kpatch_3_10_0_229_14_1_1_1"
    "kpatch_3_10_0_229_42_1_1_1"
    "kpatch_3_10_0_327_22_2_1_2"
)

running_kernel=$( uname -r )

# Check supported platform
if [[ "$running_kernel" != *".el"[5-7]* ]]; then
    echo -e "${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}"
    exit 4
fi

# Check kernel if it is vulnerable
for tested_kernel in "${VULNERABLE_VERSIONS[@]}"; do
    if [[ "$running_kernel" == *"$tested_kernel"* ]]; then
        vulnerable_kernel=${running_kernel}
        break
    fi
done

# Check if kpatch is installed
modules=$( lsmod )
for tested_kpatch in "${KPATCH_MODULE_NAMES[@]}"; do
    if [[ "$modules" == *"$tested_kpatch"* ]]; then
        applied_kpatch=${tested_kpatch}
        break
    fi
done

# Check mitigation (the last load/unload message in dmesg wins)
mitigated=0
while read -r line; do
    if [[ "$line" == *"$MITIGATION_ON"* ]]; then
        mitigated=1
    elif [[ "$line" == *"$MITIGATION_OFF"* ]]; then
        mitigated=0
    fi
done < <( dmesg )

# Result interpretation
result=${VULNERABLE}
if (( mitigated )); then
    result=${MITIGATED}
fi
if [[ ! "$vulnerable_kernel" ]]; then
    result=${SAFE_KERNEL}
elif [[ "$applied_kpatch" ]]; then
    result=${SAFE_KPATCH}
fi

# Print result
if [[ ${result} == "$SAFE_KERNEL" ]]; then
    echo -e "${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}"
    exit 0
elif [[ ${result} == "$SAFE_KPATCH" ]]; then
    echo -e "Your kernel is $running_kernel which is normally vulnerable."
    echo -e "${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}"
    exit 1
elif [[ ${result} == "$MITIGATED" ]]; then
    echo -e "${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}"
    echo -e "${YELLOW}You have a partial mitigation applied.${RESET}"
    echo -e "This mitigation protects against most common attack vectors which are already exploited in the wild,"
    echo -e "but does not protect against all possible attack vectors."
    echo -e "Red Hat recommends that you update your kernel as soon as possible."
    exit 2
else
    echo -e "${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}"
    echo -e "Red Hat recommends that you update your kernel. Alternatively, you can apply partial"
    echo -e "mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 ."
    exit 3
fi
Run it as below:
Ex : ./bug-checker.sh
It will show you whether your system is affected or not.
How to Apply Fix if affected
Once you know that your system is affected, you have to update the kernel to get rid of this bug. Which kernel version resolves the issue depends on your OS release, so here is the list of base versions per OS version that you need to install. At minimum, these versions are needed to clean the dirty COW :)
RHEL 5 :
kernel-2.6.18-416
kernel-devel-2.6.18
kernel-headers-2.6.18
RHEL 6 :
kernel-2.6.32
kernel-devel-2.6.32
kernel-headers-2.6.32
RHEL 7 :
kernel-3.10.0
kernel-devel-3.10.0
kernel-headers-3.10.0
Ubuntu
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
Debian
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
Note : A reboot is required for the new kernel to take effect.
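The checker script above exits with status 4 on anything other than RHEL 5, 6 and 7. As an added example (not part of the original post or of Red Hat's script), the following compares an Ubuntu kernel package version against the minimum fixed versions listed above. The function names and the mapping of a version to its series by upstream prefix are assumptions, and only the four Ubuntu series from the list are covered.

```sh
#!/bin/sh
# Added example: check an Ubuntu kernel *package* version against the minimum
# fixed versions listed in this post. Function names are hypothetical.

# min_fixed_for VERSION: print the minimum fixed version for the series
# (assumption: the series is identified by its upstream prefix).
min_fixed_for() {
    case "$1" in
        4.8.0-*)  echo "4.8.0-26.28" ;;     # Ubuntu 16.10
        4.4.0-*)  echo "4.4.0-45.66" ;;     # Ubuntu 16.04 LTS
        3.13.0-*) echo "3.13.0-100.147" ;;  # Ubuntu 14.04 LTS
        3.2.0-*)  echo "3.2.0-113.155" ;;   # Ubuntu 12.04 LTS
        *)        return 1 ;;
    esac
}

# version_ge A B: succeed when A >= B, comparing the five numeric fields
# (upstream x.y.z, ABI number, upload number) left to right as numbers,
# so that 98 sorts below 100.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[.-]/); split(b, y, /[.-]/)
        for (i = 1; i <= 5; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_ubuntu_kernel VERSION: print FIXED, VULNERABLE or UNKNOWN
# (exit status 0, 1 or 2 respectively).
check_ubuntu_kernel() {
    _v=${1%%"~"*}   # drop a backport suffix such as ~14.04.1
    if ! printf '%s\n' "$_v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.[0-9]+$'; then
        echo "UNKNOWN"; return 2
    fi
    if ! _min=$(min_fixed_for "$_v"); then
        echo "UNKNOWN"; return 2
    fi
    if version_ge "$_v" "$_min"; then
        echo "FIXED"
    else
        echo "VULNERABLE"; return 1
    fi
}

# On a real system the package version of the running kernel comes from:
#   dpkg-query -W -f='${Version}' "linux-image-$(uname -r)"
# Note that `uname -r` alone (e.g. 4.4.0-45-generic) lacks the upload number.
# Constructed sample versions, for illustration only:
for v in 4.4.0-45.66 4.4.0-43.63 3.13.0-98.145 '4.4.0-47.68~14.04.1' \
         4.4.0-45-generic 4.10.0-1.1; do
    printf '%-22s %s\n' "$v" "$(check_ubuntu_kernel "$v")"
done
```

UNKNOWN means the version is either not a package version or belongs to a series that is not in the list above, so it has to be checked against the distribution's own advisory.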
Preparation :
Your server is probably important to you, so follow the steps below so that after the reboot all the services are running as before.
Before Reboot :
Once you are done installing the kernel packages, make sure to check:
- All the necessary services are set with chkconfig to start upon server reboot
- If you have any mount points, they should be unmounted first and remounted after the server reboot
- Take a backup of the database if you are rebooting a production MySQL server, just as a precautionary measure.
- Put the site in maintenance mode by showing a 503 status code
- Reboot the server.
After Reboot :
- Check whether the new kernel version is showing by running the command uname -a
- Run the above script again to verify.
- Check if all necessary services are UP and running.
- Check mount points
- Check whether emails are going out.
- Check connectivity between servers.
- Check the production/stage site hosted on the server.
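The before/after checks above can be scripted so that nothing is compared from memory. This is an added example, not part of the original post; the record format, the function names and the service names in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: snapshot state before the kernel-update reboot, compare after.
# Record format, one item per line (an assumption of this example):
#   kernel <release> | mount <mountpoint> <fstype> | service <name> <up|down>

# snapshot_state FILE SERVICE...: write the current state to FILE.
snapshot_state() {
    _out=$1; shift
    {
        echo "kernel $(uname -r)"
        # /proc/mounts fields: device mountpoint fstype options dump pass
        awk '{ print "mount", $2, $3 }' /proc/mounts | sort -u
        for _svc in "$@"; do
            if service "$_svc" status >/dev/null 2>&1; then
                echo "service $_svc up"
            else
                echo "service $_svc down"
            fi
        done
    } > "$_out"
}

# missing_after BEFORE AFTER: print every mount, and every service that was
# up, recorded in BEFORE that is not recorded identically in AFTER.
missing_after() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         ($1 == "mount" || ($1 == "service" && $3 == "up")) && !($0 in seen)' \
        "$2" "$1"
}

# kernel_changed BEFORE AFTER: succeed when the running kernel release differs.
kernel_changed() {
    _b=$(awk '$1 == "kernel" { print $2 }' "$1")
    _a=$(awk '$1 == "kernel" { print $2 }' "$2")
    [ -n "$_a" ] && [ "$_a" != "$_b" ]
}

# Usage (file and service names are site-specific assumptions):
#   ./reboot-check.sh snapshot before.txt sshd httpd mysqld   # before reboot
#   ./reboot-check.sh snapshot after.txt  sshd httpd mysqld   # after reboot
#   ./reboot-check.sh compare  before.txt after.txt
case "${1:-}" in
    snapshot)
        shift
        snapshot_state "$@"
        ;;
    compare)
        kernel_changed "$2" "$3" || echo "WARNING: kernel release unchanged"
        missing_after "$2" "$3" | sed 's/^/MISSING AFTER REBOOT: /'
        ;;
esac
```

A service that was already down before the reboot is not reported, so the output lists only regressions caused by the reboot.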
References :
- https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability
- https://access.redhat.com/security/vulnerabilities/2706661
- https://dirtycow.ninja/
Comments :
Thanks for sharing this with us
Glad you liked it :)
Thanks for sharing 😊
Glad you liked it :)
I all the time used to study piece of writing in news papers but now as I am a user of net thus from now I am using net for content, thanks to web.
:)
Good day! Do you know if they make any plugins to safeguard against hackers? I'm kinda paranoid about losing everything I've worked hard on. Any tips?
Which technology/OS distro are you aiming for? There are no such ready-made plugins available which can prevent hackers (maybe WordPress is providing such for their blog users). But in general, our best practices (there are several options under this, though) for server/application, plus some custom-built scripts on the server and modules in the application, can prevent hackers from exploiting our systems in a cost-effective way. Else there is always scope for vertical scaling of your environment by introducing IDS, IPS, WAF. Your thoughts?
This site certainly has all of the information and facts I wanted concerning this subject and didn't know who to ask.
Thank you for your words :)
Hello, I am Kavin, it's my first time commenting anywhere; when I read this article I thought I could also create a comment due to this good post.
Hello Kavin, thanks for your comment bro :)
Pretty nice post. I just stumbled upon your weblog and wished to say that I've truly enjoyed browsing your blog posts. In any case I will be subscribing to your rss feed and I hope you write again soon!
Thank you :)
WOW just what I was looking for. Came here by searching for american roulette wheel
Thank you :) Glad you liked it.
Hello, I think that I noticed you visited my weblog thus I got here to return the choose? I'm attempting to find things to enhance my website! I guess it's ok to make use of a few of your concepts!!
Share the weblog again, so that I can revisit again ;) BTW Thank you :)
Thank you :)
What I don't understood is in fact how you're now not actually a lot more well-appreciated than you might be right now. You are so intelligent. You recognize thus significantly in the case of this matter, made me in my view imagine it from so many varied angles. It's like women and men are not involved until it is something to accomplish with Girl gaga! Your own stuffs outstanding. At all times take care of it up!
:) Thank you for your kind words.