07 December, 2016

Linux Bug - Dirty COW

Recently the Linux world came across yet another bug that is haunting *nix users all over the world. This bug has been given the name COW, and its associated CVE number is CVE-2016-5195.

It's kind of funny how these bugs get their names. This one grabbed my attention too: when I first heard about it as COW, I laughed out loud, like, what? :)

For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com

Background :

Later, when I started reading about this bug in detail, I got to know how it got its name: it comes from the "copy-on-write" (COW) technique, which the Linux kernel uses to maintain private read-only memory mappings. This technique has had a flaw in it since 2007, woohooo, that was a long way back.

In other words, this bug allows a server to become completely compromised through local privilege escalation. The vulnerability is specific to the Linux kernel, and exploiting it requires a local system user (compromised or not) to run malicious code to obtain admin privileges. Despite this requirement, this is a high-priority security patch that should be applied as soon as possible due to its severity.

How to Check if your System is vulnerable:


Run the script below to check whether your system is affected by this bug. It only detects vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.

Copy and paste the content below into a file, say bug-checker.sh, and give it executable permission.

#!/bin/bash
# Version: 1.3

RED="\033[1;31m"
YELLOW="\033[1;33m"
GREEN="\033[1;32m"
BOLD="\033[1m"
RESET="\033[0m"

SAFE_KERNEL="SAFE_KERNEL"
SAFE_KPATCH="SAFE_KPATCH"
MITIGATED="MITIGATED"
VULNERABLE="VULNERABLE"

MITIGATION_ON='CVE-2016-5195 mitigation loaded'
MITIGATION_OFF='CVE-2016-5195 mitigation unloaded'


VULNERABLE_VERSIONS=(
    # RHEL5
    "2.6.18-8.1.1.el5"
    "2.6.18-8.1.3.el5"
    "2.6.18-8.1.4.el5"
    "2.6.18-8.1.6.el5"
    "2.6.18-8.1.8.el5"
    "2.6.18-8.1.10.el5"
    "2.6.18-8.1.14.el5"
    "2.6.18-8.1.15.el5"
    "2.6.18-53.el5"
    "2.6.18-53.1.4.el5"
    "2.6.18-53.1.6.el5"
    "2.6.18-53.1.13.el5"
    "2.6.18-53.1.14.el5"
    "2.6.18-53.1.19.el5"
    "2.6.18-53.1.21.el5"
    "2.6.18-92.el5"
    "2.6.18-92.1.1.el5"
    "2.6.18-92.1.6.el5"
    "2.6.18-92.1.10.el5"
    "2.6.18-92.1.13.el5"
    "2.6.18-92.1.18.el5"
    "2.6.18-92.1.22.el5"
    "2.6.18-92.1.24.el5"
    "2.6.18-92.1.26.el5"
    "2.6.18-92.1.27.el5"
    "2.6.18-92.1.28.el5"
    "2.6.18-92.1.29.el5"
    "2.6.18-92.1.32.el5"
    "2.6.18-92.1.35.el5"
    "2.6.18-92.1.38.el5"
    "2.6.18-128.el5"
    "2.6.18-128.1.1.el5"
    "2.6.18-128.1.6.el5"
    "2.6.18-128.1.10.el5"
    "2.6.18-128.1.14.el5"
    "2.6.18-128.1.16.el5"
    "2.6.18-128.2.1.el5"
    "2.6.18-128.4.1.el5"
    "2.6.18-128.4.1.el5"
    "2.6.18-128.7.1.el5"
    "2.6.18-128.8.1.el5"
    "2.6.18-128.11.1.el5"
    "2.6.18-128.12.1.el5"
    "2.6.18-128.14.1.el5"
    "2.6.18-128.16.1.el5"
    "2.6.18-128.17.1.el5"
    "2.6.18-128.18.1.el5"
    "2.6.18-128.23.1.el5"
    "2.6.18-128.23.2.el5"
    "2.6.18-128.25.1.el5"
    "2.6.18-128.26.1.el5"
    "2.6.18-128.27.1.el5"
    "2.6.18-128.29.1.el5"
    "2.6.18-128.30.1.el5"
    "2.6.18-128.31.1.el5"
    "2.6.18-128.32.1.el5"
    "2.6.18-128.35.1.el5"
    "2.6.18-128.36.1.el5"
    "2.6.18-128.37.1.el5"
    "2.6.18-128.38.1.el5"
    "2.6.18-128.39.1.el5"
    "2.6.18-128.40.1.el5"
    "2.6.18-128.41.1.el5"
    "2.6.18-164.el5"
    "2.6.18-164.2.1.el5"
    "2.6.18-164.6.1.el5"
    "2.6.18-164.9.1.el5"
    "2.6.18-164.10.1.el5"
    "2.6.18-164.11.1.el5"
    "2.6.18-164.15.1.el5"
    "2.6.18-164.17.1.el5"
    "2.6.18-164.19.1.el5"
    "2.6.18-164.21.1.el5"
    "2.6.18-164.25.1.el5"
    "2.6.18-164.25.2.el5"
    "2.6.18-164.28.1.el5"
    "2.6.18-164.30.1.el5"
    "2.6.18-164.32.1.el5"
    "2.6.18-164.34.1.el5"
    "2.6.18-164.36.1.el5"
    "2.6.18-164.37.1.el5"
    "2.6.18-164.38.1.el5"
    "2.6.18-194.el5"
    "2.6.18-194.3.1.el5"
    "2.6.18-194.8.1.el5"
    "2.6.18-194.11.1.el5"
    "2.6.18-194.11.3.el5"
    "2.6.18-194.11.4.el5"
    "2.6.18-194.17.1.el5"
    "2.6.18-194.17.4.el5"
    "2.6.18-194.26.1.el5"
    "2.6.18-194.32.1.el5"
    "2.6.18-238.el5"
    "2.6.18-238.1.1.el5"
    "2.6.18-238.5.1.el5"
    "2.6.18-238.9.1.el5"
    "2.6.18-238.12.1.el5"
    "2.6.18-238.19.1.el5"
    "2.6.18-238.21.1.el5"
    "2.6.18-238.27.1.el5"
    "2.6.18-238.28.1.el5"
    "2.6.18-238.31.1.el5"
    "2.6.18-238.33.1.el5"
    "2.6.18-238.35.1.el5"
    "2.6.18-238.37.1.el5"
    "2.6.18-238.39.1.el5"
    "2.6.18-238.40.1.el5"
    "2.6.18-238.44.1.el5"
    "2.6.18-238.45.1.el5"
    "2.6.18-238.47.1.el5"
    "2.6.18-238.48.1.el5"
    "2.6.18-238.49.1.el5"
    "2.6.18-238.50.1.el5"
    "2.6.18-238.51.1.el5"
    "2.6.18-238.52.1.el5"
    "2.6.18-238.53.1.el5"
    "2.6.18-238.54.1.el5"
    "2.6.18-238.55.1.el5"
    "2.6.18-238.56.1.el5"
    "2.6.18-274.el5"
    "2.6.18-274.3.1.el5"
    "2.6.18-274.7.1.el5"
    "2.6.18-274.12.1.el5"
    "2.6.18-274.17.1.el5"
    "2.6.18-274.18.1.el5"
    "2.6.18-308.el5"
    "2.6.18-308.1.1.el5"
    "2.6.18-308.4.1.el5"
    "2.6.18-308.8.1.el5"
    "2.6.18-308.8.2.el5"
    "2.6.18-308.11.1.el5"
    "2.6.18-308.13.1.el5"
    "2.6.18-308.16.1.el5"
    "2.6.18-308.20.1.el5"
    "2.6.18-308.24.1.el5"
    "2.6.18-348.el5"
    "2.6.18-348.1.1.el5"
    "2.6.18-348.2.1.el5"
    "2.6.18-348.3.1.el5"
    "2.6.18-348.4.1.el5"
    "2.6.18-348.6.1.el5"
    "2.6.18-348.12.1.el5"
    "2.6.18-348.16.1.el5"
    "2.6.18-348.18.1.el5"
    "2.6.18-348.19.1.el5"
    "2.6.18-348.21.1.el5"
    "2.6.18-348.22.1.el5"
    "2.6.18-348.23.1.el5"
    "2.6.18-348.25.1.el5"
    "2.6.18-348.27.1.el5"
    "2.6.18-348.28.1.el5"
    "2.6.18-348.29.1.el5"
    "2.6.18-348.30.1.el5"
    "2.6.18-348.31.2.el5"
    "2.6.18-371.el5"
    "2.6.18-371.1.2.el5"
    "2.6.18-371.3.1.el5"
    "2.6.18-371.4.1.el5"
    "2.6.18-371.6.1.el5"
    "2.6.18-371.8.1.el5"
    "2.6.18-371.9.1.el5"
    "2.6.18-371.11.1.el5"
    "2.6.18-371.12.1.el5"
    "2.6.18-398.el5"
    "2.6.18-400.el5"
    "2.6.18-400.1.1.el5"
    "2.6.18-402.el5"
    "2.6.18-404.el5"
    "2.6.18-406.el5"
    "2.6.18-407.el5"
    "2.6.18-408.el5"
    "2.6.18-409.el5"
    "2.6.18-410.el5"
    "2.6.18-411.el5"
    "2.6.18-412.el5"

    # RHEL6
    "2.6.32-71.7.1.el6"
    "2.6.32-71.14.1.el6"
    "2.6.32-71.18.1.el6"
    "2.6.32-71.18.2.el6"
    "2.6.32-71.24.1.el6"
    "2.6.32-71.29.1.el6"
    "2.6.32-71.31.1.el6"
    "2.6.32-71.34.1.el6"
    "2.6.32-71.35.1.el6"
    "2.6.32-71.36.1.el6"
    "2.6.32-71.37.1.el6"
    "2.6.32-71.38.1.el6"
    "2.6.32-71.39.1.el6"
    "2.6.32-71.40.1.el6"
    "2.6.32-131.0.15.el6"
    "2.6.32-131.2.1.el6"
    "2.6.32-131.4.1.el6"
    "2.6.32-131.6.1.el6"
    "2.6.32-131.12.1.el6"
    "2.6.32-131.17.1.el6"
    "2.6.32-131.21.1.el6"
    "2.6.32-131.22.1.el6"
    "2.6.32-131.25.1.el6"
    "2.6.32-131.26.1.el6"
    "2.6.32-131.28.1.el6"
    "2.6.32-131.29.1.el6"
    "2.6.32-131.30.1.el6"
    "2.6.32-131.30.2.el6"
    "2.6.32-131.33.1.el6"
    "2.6.32-131.35.1.el6"
    "2.6.32-131.36.1.el6"
    "2.6.32-131.37.1.el6"
    "2.6.32-131.38.1.el6"
    "2.6.32-131.39.1.el6"
    "2.6.32-220.el6"
    "2.6.32-220.2.1.el6"
    "2.6.32-220.4.1.el6"
    "2.6.32-220.4.2.el6"
    "2.6.32-220.4.7.bgq.el6"
    "2.6.32-220.7.1.el6"
    "2.6.32-220.7.3.p7ih.el6"
    "2.6.32-220.7.4.p7ih.el6"
    "2.6.32-220.7.6.p7ih.el6"
    "2.6.32-220.7.7.p7ih.el6"
    "2.6.32-220.13.1.el6"
    "2.6.32-220.17.1.el6"
    "2.6.32-220.23.1.el6"
    "2.6.32-220.24.1.el6"
    "2.6.32-220.25.1.el6"
    "2.6.32-220.26.1.el6"
    "2.6.32-220.28.1.el6"
    "2.6.32-220.30.1.el6"
    "2.6.32-220.31.1.el6"
    "2.6.32-220.32.1.el6"
    "2.6.32-220.34.1.el6"
    "2.6.32-220.34.2.el6"
    "2.6.32-220.38.1.el6"
    "2.6.32-220.39.1.el6"
    "2.6.32-220.41.1.el6"
    "2.6.32-220.42.1.el6"
    "2.6.32-220.45.1.el6"
    "2.6.32-220.46.1.el6"
    "2.6.32-220.48.1.el6"
    "2.6.32-220.51.1.el6"
    "2.6.32-220.52.1.el6"
    "2.6.32-220.53.1.el6"
    "2.6.32-220.54.1.el6"
    "2.6.32-220.55.1.el6"
    "2.6.32-220.56.1.el6"
    "2.6.32-220.57.1.el6"
    "2.6.32-220.58.1.el6"
    "2.6.32-220.60.2.el6"
    "2.6.32-220.62.1.el6"
    "2.6.32-220.63.2.el6"
    "2.6.32-220.64.1.el6"
    "2.6.32-220.65.1.el6"
    "2.6.32-220.66.1.el6"
    "2.6.32-220.67.1.el6"
    "2.6.32-279.el6"
    "2.6.32-279.1.1.el6"
    "2.6.32-279.2.1.el6"
    "2.6.32-279.5.1.el6"
    "2.6.32-279.5.2.el6"
    "2.6.32-279.9.1.el6"
    "2.6.32-279.11.1.el6"
    "2.6.32-279.14.1.bgq.el6"
    "2.6.32-279.14.1.el6"
    "2.6.32-279.19.1.el6"
    "2.6.32-279.22.1.el6"
    "2.6.32-279.23.1.el6"
    "2.6.32-279.25.1.el6"
    "2.6.32-279.25.2.el6"
    "2.6.32-279.31.1.el6"
    "2.6.32-279.33.1.el6"
    "2.6.32-279.34.1.el6"
    "2.6.32-279.37.2.el6"
    "2.6.32-279.39.1.el6"
    "2.6.32-279.41.1.el6"
    "2.6.32-279.42.1.el6"
    "2.6.32-279.43.1.el6"
    "2.6.32-279.43.2.el6"
    "2.6.32-279.46.1.el6"
    "2.6.32-358.el6"
    "2.6.32-358.0.1.el6"
    "2.6.32-358.2.1.el6"
    "2.6.32-358.6.1.el6"
    "2.6.32-358.6.2.el6"
    "2.6.32-358.6.3.p7ih.el6"
    "2.6.32-358.11.1.bgq.el6"
    "2.6.32-358.11.1.el6"
    "2.6.32-358.14.1.el6"
    "2.6.32-358.18.1.el6"
    "2.6.32-358.23.2.el6"
    "2.6.32-358.28.1.el6"
    "2.6.32-358.32.3.el6"
    "2.6.32-358.37.1.el6"
    "2.6.32-358.41.1.el6"
    "2.6.32-358.44.1.el6"
    "2.6.32-358.46.1.el6"
    "2.6.32-358.46.2.el6"
    "2.6.32-358.48.1.el6"
    "2.6.32-358.49.1.el6"
    "2.6.32-358.51.1.el6"
    "2.6.32-358.51.2.el6"
    "2.6.32-358.55.1.el6"
    "2.6.32-358.56.1.el6"
    "2.6.32-358.59.1.el6"
    "2.6.32-358.61.1.el6"
    "2.6.32-358.62.1.el6"
    "2.6.32-358.65.1.el6"
    "2.6.32-358.67.1.el6"
    "2.6.32-358.68.1.el6"
    "2.6.32-358.69.1.el6"
    "2.6.32-358.70.1.el6"
    "2.6.32-358.71.1.el6"
    "2.6.32-358.72.1.el6"
    "2.6.32-358.73.1.el6"
    "2.6.32-358.111.1.openstack.el6"
    "2.6.32-358.114.1.openstack.el6"
    "2.6.32-358.118.1.openstack.el6"
    "2.6.32-358.123.4.openstack.el6"
    "2.6.32-431.el6"
    "2.6.32-431.1.1.bgq.el6"
    "2.6.32-431.1.2.el6"
    "2.6.32-431.3.1.el6"
    "2.6.32-431.5.1.el6"
    "2.6.32-431.11.2.el6"
    "2.6.32-431.17.1.el6"
    "2.6.32-431.20.3.el6"
    "2.6.32-431.20.5.el6"
    "2.6.32-431.23.3.el6"
    "2.6.32-431.29.2.el6"
    "2.6.32-431.37.1.el6"
    "2.6.32-431.40.1.el6"
    "2.6.32-431.40.2.el6"
    "2.6.32-431.46.2.el6"
    "2.6.32-431.50.1.el6"
    "2.6.32-431.53.2.el6"
    "2.6.32-431.56.1.el6"
    "2.6.32-431.59.1.el6"
    "2.6.32-431.61.2.el6"
    "2.6.32-431.64.1.el6"
    "2.6.32-431.66.1.el6"
    "2.6.32-431.68.1.el6"
    "2.6.32-431.69.1.el6"
    "2.6.32-431.70.1.el6"
    "2.6.32-431.71.1.el6"
    "2.6.32-431.72.1.el6"
    "2.6.32-431.73.2.el6"
    "2.6.32-431.74.1.el6"
    "2.6.32-504.el6"
    "2.6.32-504.1.3.el6"
    "2.6.32-504.3.3.el6"
    "2.6.32-504.8.1.el6"
    "2.6.32-504.8.2.bgq.el6"
    "2.6.32-504.12.2.el6"
    "2.6.32-504.16.2.el6"
    "2.6.32-504.23.4.el6"
    "2.6.32-504.30.3.el6"
    "2.6.32-504.30.5.p7ih.el6"
    "2.6.32-504.33.2.el6"
    "2.6.32-504.36.1.el6"
    "2.6.32-504.38.1.el6"
    "2.6.32-504.40.1.el6"
    "2.6.32-504.43.1.el6"
    "2.6.32-504.46.1.el6"
    "2.6.32-504.49.1.el6"
    "2.6.32-504.50.1.el6"
    "2.6.32-504.51.1.el6"
    "2.6.32-504.52.1.el6"
    "2.6.32-573.el6"
    "2.6.32-573.1.1.el6"
    "2.6.32-573.3.1.el6"
    "2.6.32-573.4.2.bgq.el6"
    "2.6.32-573.7.1.el6"
    "2.6.32-573.8.1.el6"
    "2.6.32-573.12.1.el6"
    "2.6.32-573.18.1.el6"
    "2.6.32-573.22.1.el6"
    "2.6.32-573.26.1.el6"
    "2.6.32-573.30.1.el6"
    "2.6.32-573.32.1.el6"
    "2.6.32-573.34.1.el6"
    "2.6.32-642.el6"
    "2.6.32-642.1.1.el6"
    "2.6.32-642.3.1.el6"
    "2.6.32-642.4.2.el6"
    "2.6.32-642.6.1.el6"

    # RHEL7
    "3.10.0-123.el7"
    "3.10.0-123.1.2.el7"
    "3.10.0-123.4.2.el7"
    "3.10.0-123.4.4.el7"
    "3.10.0-123.6.3.el7"
    "3.10.0-123.8.1.el7"
    "3.10.0-123.9.2.el7"
    "3.10.0-123.9.3.el7"
    "3.10.0-123.13.1.el7"
    "3.10.0-123.13.2.el7"
    "3.10.0-123.20.1.el7"
    "3.10.0-229.el7"
    "3.10.0-229.1.2.el7"
    "3.10.0-229.4.2.el7"
    "3.10.0-229.7.2.el7"
    "3.10.0-229.11.1.el7"
    "3.10.0-229.14.1.el7"
    "3.10.0-229.20.1.el7"
    "3.10.0-229.24.2.el7"
    "3.10.0-229.26.2.el7"
    "3.10.0-229.28.1.el7"
    "3.10.0-229.30.1.el7"
    "3.10.0-229.34.1.el7"
    "3.10.0-229.38.1.el7"
    "3.10.0-229.40.1.el7"
    "3.10.0-229.42.1.el7"
    "3.10.0-327.el7"
    "3.10.0-327.3.1.el7"
    "3.10.0-327.4.4.el7"
    "3.10.0-327.4.5.el7"
    "3.10.0-327.10.1.el7"
    "3.10.0-327.13.1.el7"
    "3.10.0-327.18.2.el7"
    "3.10.0-327.22.2.el7"
    "3.10.0-327.28.2.el7"
    "3.10.0-327.28.3.el7"
    "3.10.0-327.36.1.el7"
    "3.10.0-327.36.2.el7"
    "3.10.0-229.1.2.ael7b"
    "3.10.0-229.4.2.ael7b"
    "3.10.0-229.7.2.ael7b"
    "3.10.0-229.11.1.ael7b"
    "3.10.0-229.14.1.ael7b"
    "3.10.0-229.20.1.ael7b"
    "3.10.0-229.24.2.ael7b"
    "3.10.0-229.26.2.ael7b"
    "3.10.0-229.28.1.ael7b"
    "3.10.0-229.30.1.ael7b"
    "3.10.0-229.34.1.ael7b"
    "3.10.0-229.38.1.ael7b"
    "3.10.0-229.40.1.ael7b"
    "3.10.0-229.42.1.ael7b"
    "4.2.0-0.21.el7"

    # RHEL5 realtime (rt) kernels
    "2.6.24.7-74.el5rt"
    "2.6.24.7-81.el5rt"
    "2.6.24.7-93.el5rt"
    "2.6.24.7-101.el5rt"
    "2.6.24.7-108.el5rt"
    "2.6.24.7-111.el5rt"
    "2.6.24.7-117.el5rt"
    "2.6.24.7-126.el5rt"
    "2.6.24.7-132.el5rt"
    "2.6.24.7-137.el5rt"
    "2.6.24.7-139.el5rt"
    "2.6.24.7-146.el5rt"
    "2.6.24.7-149.el5rt"
    "2.6.24.7-161.el5rt"
    "2.6.24.7-169.el5rt"
    "2.6.33.7-rt29.45.el5rt"
    "2.6.33.7-rt29.47.el5rt"
    "2.6.33.7-rt29.55.el5rt"
    "2.6.33.9-rt31.64.el5rt"
    "2.6.33.9-rt31.67.el5rt"
    "2.6.33.9-rt31.86.el5rt"

    # RHEL6 realtime (rt) kernels
    "2.6.33.9-rt31.66.el6rt"
    "2.6.33.9-rt31.74.el6rt"
    "2.6.33.9-rt31.75.el6rt"
    "2.6.33.9-rt31.79.el6rt"
    "3.0.9-rt26.45.el6rt"
    "3.0.9-rt26.46.el6rt"
    "3.0.18-rt34.53.el6rt"
    "3.0.25-rt44.57.el6rt"
    "3.0.30-rt50.62.el6rt"
    "3.0.36-rt57.66.el6rt"
    "3.2.23-rt37.56.el6rt"
    "3.2.33-rt50.66.el6rt"
    "3.6.11-rt28.20.el6rt"
    "3.6.11-rt30.25.el6rt"
    "3.6.11.2-rt33.39.el6rt"
    "3.6.11.5-rt37.55.el6rt"
    "3.8.13-rt14.20.el6rt"
    "3.8.13-rt14.25.el6rt"
    "3.8.13-rt27.33.el6rt"
    "3.8.13-rt27.34.el6rt"
    "3.8.13-rt27.40.el6rt"
    "3.10.0-229.rt56.144.el6rt"
    "3.10.0-229.rt56.147.el6rt"
    "3.10.0-229.rt56.149.el6rt"
    "3.10.0-229.rt56.151.el6rt"
    "3.10.0-229.rt56.153.el6rt"
    "3.10.0-229.rt56.158.el6rt"
    "3.10.0-229.rt56.161.el6rt"
    "3.10.0-229.rt56.162.el6rt"
    "3.10.0-327.rt56.170.el6rt"
    "3.10.0-327.rt56.171.el6rt"
    "3.10.0-327.rt56.176.el6rt"
    "3.10.0-327.rt56.183.el6rt"
    "3.10.0-327.rt56.190.el6rt"
    "3.10.0-327.rt56.194.el6rt"
    "3.10.0-327.rt56.195.el6rt"
    "3.10.0-327.rt56.197.el6rt"
    "3.10.33-rt32.33.el6rt"
    "3.10.33-rt32.34.el6rt"
    "3.10.33-rt32.43.el6rt"
    "3.10.33-rt32.45.el6rt"
    "3.10.33-rt32.51.el6rt"
    "3.10.33-rt32.52.el6rt"
    "3.10.58-rt62.58.el6rt"
    "3.10.58-rt62.60.el6rt"

    # RHEL7 realtime (rt) kernels
    "3.10.0-229.rt56.141.el7"
    "3.10.0-229.1.2.rt56.141.2.el7_1"
    "3.10.0-229.4.2.rt56.141.6.el7_1"
    "3.10.0-229.7.2.rt56.141.6.el7_1"
    "3.10.0-229.11.1.rt56.141.11.el7_1"
    "3.10.0-229.14.1.rt56.141.13.el7_1"
    "3.10.0-229.20.1.rt56.141.14.el7_1"
    "3.10.0-229.rt56.141.el7"
    "3.10.0-327.rt56.204.el7"
    "3.10.0-327.4.5.rt56.206.el7_2"
    "3.10.0-327.10.1.rt56.211.el7_2"
    "3.10.0-327.13.1.rt56.216.el7_2"
    "3.10.0-327.18.2.rt56.223.el7_2"
    "3.10.0-327.22.2.rt56.230.el7_2"
    "3.10.0-327.28.2.rt56.234.el7_2"
    "3.10.0-327.28.3.rt56.235.el7"
    "3.10.0-327.36.1.rt56.237.el7"
)

KPATCH_MODULE_NAMES=(
    "kpatch_3_10_0_327_36_1_1_1"
    "kpatch_3_10_0_327_36_2_1_1"
    "kpatch_3_10_0_229_4_2_1_1"
    "kpatch_3_10_0_327_28_3_1_1"
    "kpatch_3_10_0_327_28_2_1_1"
    "kpatch_3_10_0_327_13_1_1_1"
    "kpatch_3_10_0_327_10_1_1_2"
    "kpatch_3_10_0_327_4_5_1_1"
    "kpatch_3_10_0_229_14_1_1_1"
    "kpatch_3_10_0_229_42_1_1_1"
    "kpatch_3_10_0_327_22_2_1_2"
)

running_kernel=$( uname -r )

# Check supported platform
if [[ "$running_kernel" != *".el"[5-7]* ]]; then
    echo -e "${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}"
    exit 4
fi

# Check kernel if it is vulnerable
for tested_kernel in "${VULNERABLE_VERSIONS[@]}"; do
    if [[ "$running_kernel" == *"$tested_kernel"* ]]; then
        vulnerable_kernel=${running_kernel}
        break
    fi
done

# Check if kpatch is installed
modules=$( lsmod )
for tested_kpatch in "${KPATCH_MODULE_NAMES[@]}"; do
    if [[ "$modules" == *"$tested_kpatch"* ]]; then
        applied_kpatch=${tested_kpatch}
        break
    fi
done

# Check mitigation
mitigated=0
while read -r line; do
    if [[ "$line" == *"$MITIGATION_ON"* ]]; then
        mitigated=1
    elif [[ "$line" == *"$MITIGATION_OFF"* ]]; then
        mitigated=0
    fi
done < <( dmesg )

# Result interpretation
result=${VULNERABLE}
if (( mitigated )); then
    result=${MITIGATED}
fi
if [[ ! "$vulnerable_kernel" ]]; then
    result=${SAFE_KERNEL}
elif [[ "$applied_kpatch" ]]; then
    result=${SAFE_KPATCH}
fi

# Print result
if [[ ${result} == "$SAFE_KERNEL" ]]; then
    echo -e "${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}"
    exit 0
elif [[ ${result} == "$SAFE_KPATCH" ]]; then
    echo -e "Your kernel is $running_kernel which is normally vulnerable."
    echo -e "${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}"
    exit 1
elif [[ ${result} == "$MITIGATED" ]]; then
    echo -e "${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}"
    echo -e "${YELLOW}You have a partial mitigation applied.${RESET}"
    echo -e "This mitigation protects against most common attack vectors which are already exploited in the wild,"
    echo -e "but does not protect against all possible attack vectors."
    echo -e "Red Hat recommends that you update your kernel as soon as possible."
    exit 2
else
    echo -e "${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}"
    echo -e "Red Hat recommends that you update your kernel. Alternatively, you can apply partial"
    echo -e "mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 ."
    exit 3
fi

Run it as shown below:

Ex : ./bug-checker.sh

It will show you whether your system is affected or not.


How to Apply Fix if affected

Once you know that your system is affected, you have to update the kernel to get rid of this bug. Which kernel version you need depends on your system, so here is the base version list per OS version. At minimum, these versions are needed to clean the dirty COW :)

RHEL 5 :

kernel-2.6.18-416
kernel-devel-2.6.18
kernel-headers-2.6.18

RHEL 6 :

kernel-2.6.32
kernel-devel-2.6.32
kernel-headers-2.6.32

RHEL 7 :

kernel-3.10.0
kernel-devel-3.10.0
kernel-headers-3.10.0

Ubuntu

4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS

Debian

3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable  

Note : A reboot is required for the new kernel to take effect.
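
The checker script above only recognises Red Hat kernels. As an added example (not part of the original post or of Red Hat's script), the shell functions below compare a Debian or Ubuntu kernel package version against the minimum fixed versions listed above. The release labels, function names and the simplified numeric comparison are assumptions of this example; on a real system `dpkg --compare-versions` is the authoritative comparison.

```shell
#!/bin/sh
# Added example (not from the original post or Red Hat's script).
# Release labels such as "ubuntu-16.04" are names made up for this example.

# Minimum fixed package version per release, copied from the list above.
# Debian unstable is left out because its kernel series keeps changing.
fixed_version_for() {
    case "$1" in
        ubuntu-16.10) echo "4.8.0-26.28" ;;
        ubuntu-16.04) echo "4.4.0-45.66" ;;
        ubuntu-14.04) echo "3.13.0-100.147" ;;
        ubuntu-12.04) echo "3.2.0-113.155" ;;
        debian-8)     echo "3.16.36-1+deb8u2" ;;
        debian-7)     echo "3.2.82-1" ;;
        *)            return 1 ;;
    esac
}

# same_series A B: true when both versions share major.minor (e.g. "4.4").
# A backport/HWE kernel from another series has its own fixed version, which
# the list above does not give, so it must not be compared against it.
same_series() {
    a=$(printf '%s\n' "$1" | cut -d. -f1,2)
    b=$(printf '%s\n' "$2" | cut -d. -f1,2)
    [ "$a" = "$b" ]
}

# version_ge A B: true when A >= B. Simplified comparison (assumption of this
# example): only the numeric fields are compared, left to right, and a missing
# field counts as 0, so "3.16.36-1" < "3.16.36-1+deb8u2".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_fixed RELEASE VERSION
# returns 0 = at or above the fixed version, 1 = older (vulnerable),
#         2 = cannot tell (unknown release or different kernel series)
check_fixed() {
    fixed=$(fixed_version_for "$1") || return 2
    same_series "$2" "$fixed" || return 2
    version_ge "$2" "$fixed"
}

# Constructed sample inputs. On a real host the version would come from:
#   dpkg-query -W -f='${Version}' "linux-image-$(uname -r)"
# That is the version installed on disk; the running kernel only changes
# after the reboot.
for sample in "ubuntu-16.04 4.4.0-42.62" "ubuntu-16.04 4.4.0-45.66" \
              "debian-8 3.16.36-1+deb8u1" "ubuntu-14.04 4.4.0-42.62~14.04.1"; do
    set -- $sample
    rc=0; check_fixed "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "$1 $2: fixed" ;;
        1) echo "$1 $2: VULNERABLE, update the kernel" ;;
        *) echo "$1 $2: unknown, check the vendor advisory" ;;
    esac
done
```

A result of 2 means the version cannot be judged against this list, which is safer than reporting a backport kernel as fixed.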

Preparation :

Your server might be important to you, so follow the steps below so that after the reboot all the services are running as before.

Before Reboot :

Once you are done installing the kernel packages, make sure to check the following:
  1. All the necessary services are set with chkconfig to start on server reboot.
  2. If you have any mount points, they should be unmounted first and remounted after the server reboot.
  3. Take a backup of the database if you are rebooting a production MySQL server, just as a precautionary measure.
  4. Put the site in maintenance mode by showing a 503 status code.
  5. Reboot the server.

After Reboot :

  1. Check whether the new kernel version is showing by running the command uname -a.
  2. Run the above script again to verify.
  3. Check that all necessary services are up and running.
  4. Check the mount points.
  5. Check whether emails are going out.
  6. Check connectivity between servers.
  7. Check the production/stage site hosted on the server.

You are good now, be happy till the NEW BUG hits the Linux world :) :D LOL
 

References :  

  1. https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability
  2. https://access.redhat.com/security/vulnerabilities/2706661
  3. https://dirtycow.ninja/


22 comments:

  1. I all the time used to study piece of writing in newspapers but now as I am a user of net
    thus from now I am using net for content, thanks to
    web.

  2. Good day! Do you know if they make any plugins to safeguard against hackers?
    I'm kinda paranoid about losing everything I've
    worked hard on. Any tips?

    1. Which technology/OS distro are you aiming for? There are no such ready-made plugins available which can protect against hackers (maybe WordPress provides such for their blog users). But in general, our best practices (under which there are several options, though) for server/application, plus some custom-built scripts on the server and modules in the application, can prevent hackers from exploiting our systems in a cost-effective way. Else there is always scope for vertical scaling of your environment by introducing IDS, IPS, WAF. Your thoughts?

  3. This site certainly has all of the information and facts I wanted concerning this subject and didn't know
    who to ask.

  4. Hello, I am kavin, it's my first time commenting anywhere,
    when I read this article I thought I could also create a comment due
    to this good post.

  5. Pretty nice post. I just stumbled upon your weblog and wished
    to say that I've truly enjoyed browsing your blog posts.
    In any case I will be subscribing to your rss feed and I hope you write
    again soon!

  6. WOW just what I was looking for. Came here by searching for american roulette wheel

  7. Hello, I think that I noticed you visited my weblog thus I got here to return the choose? I'm attempting to
    find things to enhance my website! I guess it's ok to make
    use of a few of your concepts!!

  8. Share the weblog again, so that I can revisit again ;) BTW Thank you :)

  9. Pretty component of content. I simply stumbled upon your website and
    in accession capital to assert that I acquire actually loved account your weblog posts.
    Anyway I will be subscribing to your feeds and even I fulfillment you get right of entry to
    persistently rapidly.

  10. What i don't understood is in fact how you're now not actually a lot more well-appreciated than you might be right
    now. You are so intelligent. You recognize thus significantly in the case
    of this matter, made me in my view imagine it from so many varied angles.
    Its like women and men are not involved until it is something to accomplish with Girl gaga!
    Your own stuffs outstanding. At all times take care of it up!
