{"id":1779,"date":"2016-10-25T21:14:53","date_gmt":"2016-10-26T03:14:53","guid":{"rendered":"http:\/\/www.supportpro.com\/blog\/?p=1779"},"modified":"2025-04-28T02:57:41","modified_gmt":"2025-04-28T08:57:41","slug":"dirty-cow-vulnerability-cve-2016-5195","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/dirty-cow-vulnerability-cve-2016-5195\/","title":{"rendered":"How to Fix Dirty Cow Vulnerability &#8211; CVE-2016-5195"},"content":{"rendered":"<p>A serious vulnerability named <strong>Dirty COW<\/strong> has been discovered recently which has put the Linux kernel under risk. It is said that this vulnerability was noticed nine years ago (since version 2.6.22 in 2007) and remained unnoticed throughout this time. A researcher named Phil Oester was the man behind the detection of this serious threat.<\/p>\n<p>According to him, the vulnerability is described as a race condition where the Linux kernel&#8217;s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.\u00a0In this way, the attackers gain write access to read-only memory updates and this paves the way to their increased privileges on the system. <!--more--><\/p>\n<p><a class=\"lightbox\" href=\"https:\/\/www.supportpro.com\/requestquote.php\" rel=\"attachment wp-att-1780\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-1780\" src=\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/10\/cow.png\" alt=\"cow\" width=\"340\" height=\"226\" srcset=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/10\/cow.png 609w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/10\/cow-300x200.png 300w\" sizes=\"(max-width: 340px) 100vw, 340px\" \/><\/a><\/p>\n<p>It\u2019s a good chance that your device is vulnerable to this attack if you are running a Linux kernel higher than 2.6.22. The list given below shows the popular Linux distributions vulnerable to this attack.<\/p>\n<ul>\n<li>Red Hat Enterprise Linux 7.x<\/li>\n<li>Red Hat Enterprise Linux 6.x<\/li>\n<li>Red Hat Enterprise Linux 5.x<\/li>\n<li>CentOS Linux 7.x<\/li>\n<li>CentOS Linux 6.x<\/li>\n<li>CentOS Linux 5.x<\/li>\n<li>Debian Linux wheezy<\/li>\n<li>Debian Linux jessie<\/li>\n<li>Debian Linux stretch<\/li>\n<li>Debian Linux sid<\/li>\n<li>Ubuntu Linux precise (LTS 12.04)<\/li>\n<li>Ubuntu Linux trusty<\/li>\n<li>Ubuntu Linux xenial (LTS 16.04)<\/li>\n<li>Ubuntu Linux yakkety<\/li>\n<li>Ubuntu Linux vivid\/ubuntu-core<\/li>\n<li>SUSE Linux Enterprise 11 and 12.<\/li>\n<li>Openwrt<\/li>\n<\/ul>\n<p><strong><span style=\"text-decoration: underline;\">How to detect vulnerability ?<\/span><\/strong><\/p>\n<p>The initial step to be done in detecting the vulnerability is to identify the current kernel version using the uname command.<\/p>\n<p><strong>Ubuntu\/Debian :<br \/>\n<\/strong><\/p>\n<p>For Ubuntu Servers, you need to use the following command to find the kernel version.<\/p>\n<p><i>#uname -rv<\/i><\/p>\n<p>You&#8217;ll see output like this:<\/p>\n<p>Output :<\/p>\n<p><em>4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016<\/em><\/p>\n<p>If the version displayed is earlier than the following list, your server is affected by the vulnerability.<\/p>\n<ul>\n<li><b>4.8.0-26.28<\/b>\u00a0for Ubuntu 16.10<\/li>\n<li><b>4.4.0-45.66<\/b>\u00a0for Ubuntu 16.04 LTS<\/li>\n<li><b>3.13.0-100.147<\/b>\u00a0for Ubuntu 14.04 LTS<\/li>\n<li><b>3.2.0-113.155<\/b>\u00a0for Ubuntu 12.04 LTS<\/li>\n<li><b>3.16.36-1+deb8u2<\/b>\u00a0for Debian 8<\/li>\n<li><b>3.2.82-1<\/b>\u00a0for Debian 7<\/li>\n<li><b>4.7.8-1<\/b>\u00a0for Debian unstable<\/li>\n<\/ul>\n<p><strong>CentOS :<br \/>\n<\/strong><\/p>\n<p>If you&#8217;re on CentOS, you can use\u00a0this script provided by RedHat\u00a0to test your server&#8217;s vulnerability. To do so, first, download the script.<\/p>\n<p><i>wget https:\/\/access.redhat.com\/sites\/default\/files\/rh-cve-2016-5195_1.sh<\/i><\/p>\n<p>Then run it with bash.<\/p>\n<p><i>bash rh-cve-2016-5195_1.sh<\/i><\/p>\n<p>If you&#8217;re vulnerable, you&#8217;ll see output like this:<\/p>\n<p><em>Your\u00a0kernel\u00a0is\u00a03.10.0-327.36.1.el7.x86_64\u00a0which\u00a0is vulnerable. \u00a0Red\u00a0Hat\u00a0recommends\u00a0that you\u00a0update your\u00a0kernel.\u00a0 Alternatively,\u00a0you\u00a0can\u00a0apply\u00a0partial\u00a0mitigation\u00a0described\u00a0at https:\/\/access.redhat.com\/security\/vulnerabilities\/2706661.<\/em><\/p>\n<p><strong><span style=\"text-decoration: underline;\">How to get yourself protected?<\/span><\/strong><\/p>\n<p>As a quicker resolution to this bug, it\u2019s advised to update your Linux distro to the latest available version. Keep in mind that a system reboot is necessary for the kernel update to be applied.<\/p>\n<p>You can make use of the following commands to update your Debian\/Ubuntu\/CentOS systems:<\/p>\n<p><strong>Debian\/Ubuntu:<\/strong><br \/>\n<i>$ sudo apt-get update &amp;&amp; sudo apt-get dist-upgrade<\/i><\/p>\n<p>Finally, <strong>reboot<\/strong> your server for the changes to take effect.<\/p>\n<p><strong><a href=\"https:\/\/www.supportpro.com\/blog\/centos-7-commands-and-configuration-files\/\">CentOS<\/a>:<\/strong><\/p>\n<p>You can use the <strong>yum<\/strong> command to update the kernel to the latest version.<\/p>\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a><\/p>\n<p style=\"text-align: center;\"><!--HubSpot Call-to-Action Code --><span id=\"hs-cta-wrapper-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-wrapper\"><span id=\"hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-node hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\"><!-- [if lte IE 8]><\/p>\n\n\n\n\n\n<div id=\"hs-cta-ie-element\"><\/div>\n\n\n<![endif]--><a href=\"https:\/\/www.supportpro.com\/freecheckup.php\"><img decoding=\"async\" id=\"hs-cta-img-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-img\" style=\"border-width: 0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\" alt=\"Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value\" \/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '9d590242-d641-4383-94b4-8cfd62f0af6b', {}); <\/script><\/span><!-- end HubSpot Call-to-Action Code --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A serious vulnerability named Dirty COW has been discovered recently which has put the Linux kernel under risk. It is said that this vulnerability was noticed nine years ago (since&hellip;<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[4,3],"tags":[],"class_list":["post-1779","post","type-post","status-publish","format-standard","hentry","category-server-security","category-technical-articles"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=1779"}],"version-history":[{"count":14,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1779\/revisions"}],"predecessor-version":[{"id":14515,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1779\/revisions\/14515"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=1779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=1779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=1779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}