How To Fix and Protect The Linux Server Against the Dirty COW Vulnerability on CentOS 5/6/7 or RHEL 5/6/7


In this article, we will learn how to fix the Dirty COW Linux vulnerability on CentOS/Red Hat. Dirty COW, disclosed on Oct 19, 2016, is a privilege escalation vulnerability at the kernel level of the Linux OS. The name comes from the condition it creates in the way the kernel handles COW (Copy-on-Write). Because the flaw has existed for a long time, most servers are at risk. Red Hat tracks it as CVE-2016-5195, and it may affect the kernels shipped with Red Hat Enterprise Linux 5, 6 and 7.

Dirty COW means that a regular, unprivileged user on the server can gain write access to all the files they can read, and can therefore increase their access on the system.

Most Linux distributions have already released a fix for the vulnerability, so there is no need to worry; we can use this article to apply it.

Checking for the Vulnerability on the CentOS / RHEL Machine

To check for the vulnerability on a CentOS / RHEL machine, we need to run the script below, because RHEL and CentOS ship many different kernels.

We can download the script from the Red Hat repository using the link below.

# wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Output:
--2016-11-21 11:41:19-- https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Resolving access.redhat.com... 104.120.145.18
Connecting to access.redhat.com|104.120.145.18|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16478 (16K) [application/x-sh]
Saving to: “rh-cve-2016-5195_1.sh”
100%[======================================>] 16,478 72.4K/s in 0.2s
2016-11-21 11:41:19 (72.4 KB/s) - “rh-cve-2016-5195_1.sh” saved [16478/16478]

Once we have downloaded the file, we need to add execute permission to the script.

# chmod +x rh-cve-2016-5195_1.sh

Now we will run the script we just downloaded to detect whether the machine is vulnerable.

# ./rh-cve-2016-5195_1.sh
Output:
Your kernel is 2.6.32-642.6.1.el6.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

Fixing the Dirty Cow Vulnerability on CentOS / RHEL

We can apply the fix straight from the RHEL/CentOS repository by updating the kernel and rebooting the server.

Below is the command to update all the packages on the CentOS/RHEL Machine.

# sudo yum update
Output:
yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
epel/metalink | 4.9 kB 00:00
* base: mirror.fibergrid.in
* epel: epel.scopesky.iq
* extras: mirror.fibergrid.in
* updates: mirror.fibergrid.in
…
…
Resolving Dependencies
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6_8.1 will be updated
---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6_8.3 will be an update
---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6_8.1 will be updated
---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6_8.3 will be an update
---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be updated
---> Package httpd.x86_64 0:2.2.15-55.el6.centos.2 will be an update
---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be updated
---> Package httpd-tools.x86_64 0:2.2.15-55.el6.centos.2 will be an update
---> Package java-1.7.0-openjdk.x86_64 1:1.7.0.111-2.6.7.2.el6_8 will be updated
---> Package java-1.7.0-openjdk.x86_64 1:1.7.0.121-2.6.8.1.el6_8 will be an update
…
kamailio-debuginfo.x86_64 0:4.4.4-1.1
kamailio-mysql.x86_64 0:4.4.4-1.1
kamailio-unixodbc.x86_64 0:4.4.4-1.1
kernel-firmware.noarch 0:2.6.32-642.11.1.el6
kernel-headers.x86_64 0:2.6.32-642.11.1.el6
kexec-tools.x86_64 0:2.0.0-300.el6_8.1
libblkid.x86_64 0:2.17.2-12.24.el6_8.1
libgcrypt.x86_64 0:1.4.5-12.el6_8
libuuid.x86_64 0:2.17.2-12.24.el6_8.1
nss.x86_64 0:3.21.3-2.el6_8
nss-sysinit.x86_64 0:3.21.3-2.el6_8
nss-tools.x86_64 0:3.21.3-2.el6_8
nss-util.x86_64 0:3.21.3-1.el6_8
perf.x86_64 0:2.6.32-642.11.1.el6
policycoreutils.x86_64 0:2.0.83-30.1.el6_8
selinux-policy.noarch 0:3.7.19-292.el6_8.2
selinux-policy-targeted.noarch 0:3.7.19-292.el6_8.2
tzdata.noarch 0:2016i-1.el6
tzdata-java.noarch 0:2016i-1.el6
util-linux-ng.x86_64 0:2.17.2-12.24.el6_8.1
Complete!

Once the update is completed, we need to reboot the machine so that the updates take effect. Below is the command to reboot the machine.

# sudo reboot

Verify the System after the Kernel Update

As we have upgraded the packages and updated the machine for the Dirty COW vulnerability, we need to check whether the kernel has been upgraded.

To verify, we can re-run the script which we downloaded in the previous steps, or check the running kernel version with uname -r as shown further below.

# ./rh-cve-2016-5195_1.sh
Output:
Your kernel is 2.6.32-642.11.1.el6.x86_64 which is NOT vulnerable.

The script now shows that the machine is not vulnerable. We can also check the running kernel version:

# uname -r
Output:
2.6.32-642.11.1.el6.x86_64

As we can see, the kernel has been updated from 2.6.32-642.6.1.el6.x86_64 to 2.6.32-642.11.1.el6.x86_64, so the Linux machine is safe from the Dirty COW vulnerability.
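
The uname -r check is only meaningful after the reboot: right after yum update the fixed kernel package can be installed while the old kernel is still running. The following added example (not part of the original article or of Red Hat's script) classifies a host from its version strings. The function names and the use of 2.6.32-642.11.1.el6 as the baseline are assumptions, and it relies on GNU sort -V.

```shell
#!/bin/bash
# Added example (not from the article): classify a host as patched,
# reboot-pending or update-needed from kernel version strings.

# Baseline: the kernel that the article's run of the Red Hat script reported
# as NOT vulnerable. Assumption: used here as the "known good" version for
# el6 only; it is not Red Hat's official minimum fixed version.
KNOWN_GOOD="2.6.32-642.11.1.el6.x86_64"

# version_ge A B: succeed if A >= B in version order.
# GNU sort -V ranks 642.11.1 above 642.6.1; a plain string comparison
# would rank them the other way round.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# newest_of LIST: print the highest version in a newline-separated list.
newest_of() {
    printf '%s\n' "$1" | sort -V | tail -n 1
}

# kernel_state RUNNING INSTALLED_LIST [BASELINE]
# Prints: patched | reboot-pending | update-needed
kernel_state() {
    running=$1; installed=$2; baseline=${3:-$KNOWN_GOOD}
    if version_ge "$running" "$baseline"; then
        echo "patched"
    elif version_ge "$(newest_of "$installed")" "$baseline"; then
        echo "reboot-pending"   # fixed kernel installed, old one still running
    else
        echo "update-needed"
    fi
}

# Constructed sample: the two el6 kernels that appear in the article output.
OLD="2.6.32-642.6.1.el6.x86_64"
NEW="2.6.32-642.11.1.el6.x86_64"
kernel_state "$OLD" "$OLD"                              # before yum update
kernel_state "$OLD" "$(printf '%s\n%s' "$OLD" "$NEW")"  # updated, not rebooted
kernel_state "$NEW" "$(printf '%s\n%s' "$OLD" "$NEW")"  # after the reboot

# On a live host (requires rpm):
# kernel_state "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')"
```
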

In this article we have learned how to check for the Dirty COW vulnerability on a CentOS / RHEL Linux machine using the script from Red Hat, how to fix the vulnerability, and how to verify the fix after the update.

raja
Published on 23-Jan-2020 12:50:07