Skip to main content

Dirty Cow Vulnerability CVE-2016-5195



Why it is called Dirty Cow?

 "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

Who found the Dirty COW vulnerability?

Phil Oester

How to mitigate this vulnerability?

You need to update the kernel and make sure the kernel is patched for this vulnerability.

# yum update kernel
# uname -r // for getting the installed kernel.
# rpm -qa | grep kernel-name // for getting the package of the installed kernel.
# rpm -q --changlog | grep -i 'CVE-2016-5195' 
 - [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}


If this have a result like above , that means the cow is clean now :p

How to Build and use the systemtap workaround

First you have to install the rpm in the given order itself:

1) kernel-debuginfo-common
2) kernel-debuginfo
3) kernel-devel
4) systemtap-client
5) systemtap-devel

for example if the kernel is kernel-2.6.32-642.3.1.el6

# wget http://debuginfo.centos.org/6/x86_64/kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
# rpm -ivh kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
# wget http://debuginfo.centos.org/6/x86_64/kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
# rpm -ivh kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
# wget http://ftp.scientificlinux.org/linux/fermi/slf6.4/x86_64/updates/security/kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
# rpm -ivh kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
# yum -y install systemtap-client
# yum -y install systemtap-devel

Now insert the below code in the file name dirtycow.stp

probe kernel.function(mem_write).call ? {
         = 0
}

probe syscall.ptrace {  // includes compat ptrace as well
         = 0xfff
}

probe begin {
        printk(0, CVE-2016-5195 mitigation loaded)
}


probe end {
        printk(0, CVE-2016-5195 mitigation unloaded)
}

#######

# stap -g -p 4 -m dirtycow_`uname -r|tr -cd [:digit:]` dirtycow.stp // THis command will create module named dirtycow_26326423168664.ko

# staprun -L dirtycow_26326423168664.ko // This will load this module to the kernel.

Now you can check if this is loaded by giving the below command.

# dmesg | grep CVE-2016-5195

NB: This module will not load to the kernel after a reboot of the server, so in-order to automatically load this module in the next reboot add the staprun command  to the /etc/rc.local file.


 That is all folks,
Cheers.

Comments

Post a Comment

Popular posts from this blog

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Setting /etc/hosts entries during the initial deployment of an Application using k8s yaml file

Some times we have to enter specific hosts file entries to the container running inside the POD of a kubernetes deployment during the initial deployment stage itself. If these entries are not in place, the application env variables mentioned in the yaml file , as hostnames , will not resolve to the IP address and the application will not start properly. So to make sure the /etc/hosts file entries are already there after the spin up of the POD you can add the below entries in your yaml file. cat > api-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: spec:   template:     metadata:     spec:       volumes:       containers:       - image: registryserver.jinojoseph.com:5000/jinojosephimage:v1.13         lifecycle:           postStart:             exec:               command:...
Post a Comment
Read more

Running K8s cluster service kubelet with Swap Memory Enabled

For enabling swap memory check the below link : https://jinojoseph.blogspot.com/2019/10/enable-swap-memory-using-swapfile-in.html # sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf Add the KUBELET_EXTRA_ARGS line as below: ---------------------------------------- Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS Now kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units # sudo systemctl daemon-reload # sudo systemctl restart kubelet # sudo systemctl status kubelet That is all cheers :p
Post a Comment
Read more