Updated 27/10/16: Last week, a nine-year old bug was uncovered in the Linux kernel that can give attackers root-level access to machines running the Linux operating system. Because the vulnerability is related to how the kernel handles copy-on-write memory, it has been dubbed ‘Dirty COW’. The security flaw exists on every distribution of the operating system. Devices that use Android, which is based on Linux, are also affected. If you’re running a Linux-based server or using an Android phone, here’s how you can protect yourself against Dirty COW.
This privilege escalation vulnerability was revealed by Red Hat and has been in existence since 2007. It is extremely easy to exploit, which is why it is so dangerous and has been labelled one of the worse Linux privilege escalation bug that has ever been discovered. Dirty COW can be exploited by a malicious application or by executing commands directly on a Linux system.
Most major Linux distributions have released a patch for the issue but for those running older servers, here’s how you can check if you need to act. First, you need to check which Linux operating system you’re running on and what kernel version you are using. You can do this by using the following command:
~ $ uname -a
If you’re running a version of Linux older than the ones listed below, you need to update your system and reboot your server:
- 4.8.0-26.28 for Ubuntu 16.10
- 4.4.0-45.66 for Ubuntu 16.04 LTS
- 3.13.0-100.147 for Ubuntu 14.04 LTS
- 3.2.0-113.155 for Ubuntu 12.04 LTS
- 3.16.36-1+deb8u2 for Debian 8
- 3.2.82-1 for Debian 7
- 4.7.8-1 for Debian unstable
The command to update Ubuntu and Debian systems is this:
sudo apt-get update && sudo apt-get dist-upgrade
If you’re using CentOS and RedHat servers, here’s a script provided by RedHat for RHEL to test for the Dirty COW vulnerability:
$ wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
You can update your RedHat server with the following command:
$ sudo yum update
$ sudo reboot
Provided that you have a supported CentOS version (7.2, 6.8, 5.1) you should be able to patch CentOS servers with the latest kernel-devel package. This can be performed on most CentOS installations with the command:
debuginfo-install kernel-$(uname -r)
There’s won’t be a fix for CentOS servers on an unsupported kernel version, but RedHat does have a workaround which you can find here.
Since Android is based on Linux, the Dirty COW bug also affects devices that use the operating system. Researchers have already proven that the vulnerability can be exploited on Android devices. Here’s a video of security researcher Dan Goodin demonstrating the exploit using a HTC phone connected to a computer via USB cable:
Dirty COW can be exploited by malicious apps. Updates for Android devices are not as frequent given that patches are usually dished out by manufacturers that run on their own schedule. It could take some time for the Linux patches to trickle down to various Android users.
Until patches come through for your Android phone, the best way to avoid being affected by Dirty COW is to exercise caution when downloading apps for your device. Android users with rooted Android phones need to be extra careful given that side loading apps comes with added risk.