Dirty COW vulnerability on Linux servers
A vulnerability has been found on Linux server that allows non administrator level users to gain the ability to edit read-only system files which should only be accessible by root users.
This is an issue with the underlying code on which all Linux operating systems are built and although the vulnerability has only been discovered last week, it’s actually been present in the Linux kernel since version 2.6.22 in 2007.
Named Dirty COW (By taking advantage of the optimisation strategy of copy-on-write (hence the name COW), an unprivileged local user could use this flaw to gain write access to what should be read-only memory mappings and therefore give themselves the option to increase their privileges on the system.
We give our clients root level access to their servers anyway but the problem arises if they have given other people their own shell users on their servers or have already been compromised.
There have now been patches released for servers running on CentOS 6 and 7 which we will be running over night when the system updates, but in order to complete the update and make the server safe it will need to be rebooted.
We’d recommend getting your server rebooted as soon as possible , but please get in touch with us if you’d like us to arrange a time to get this done for you. We can do this for you between 8am and 4pm during the week or alternatively you can reboot the server yourself via your control panel or SSH. (See our Knowledgebase Article on how to do this in your client area)
UPDATE (November 8th): There has now been a patch released for CentOS5 and we’ve patched all servers running this version of Centos. As with the others, it’s important that you reboot the server so that the update completes and the server is safe.