What is the Dirty CoW vulnerability that was announced on Oct 21st 2016
Dirty CoW vulnerability allows attackers to gain root access to servers and take control of the complete system. It allows a system user to bypass standard permission mechanisms that would prevent modification without an appropriate permission set, and thus, enables the attacker to take control over the system.
This vulnerability can be exploited through several ways. An attacker would only need a low-level access to the system, such as through compromised SSH/Shell account, before exploiting this bug, or through a vulnerable web application which allows an attacker to upload a faulty script.
The most alarming thing about this bug: it is impossible for security mechanisms to detect this issue, and once exploited, there is no evidence of what has happened.
This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild. This flaw affects most modern Linux distributions.
We have actively addressed the issues and applied the patches on our servers at 3 Aliens Web Hosting. Additionally, we managed to do this with negligible downtime that normally results from such activities of kernel update.
Out of this World Web Hosting
Monday, October 31, 2016
Powered by WHMCompleteSolution