Phelps, Matthew
2016-Oct-25 12:29 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon <anthon at rth.dk> wrote:

> What is the best approach on centos 6 to mitigate the problem is
> officially patched? As far as I can tell Centos 6 is vulnerable to attacks
> using ptrace.
>
> There is a mitigation described here
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
>
> which doesn't fix the underlying problem, but at least protects against
> known attack vectors. However, I'm unsure if the script only applies to
> Centos 7, or if it also works on Centos 6?
>
> Cheers, Christian

I have not been able to get this script to work on CentOS 6.8

I've installed kernel-debug, kernel-devel, kernel-debug-devel, kernel-debug-debuginfo, kernel-debuginfo-common and I still get:

    stap -g -p 4 dirtyc0w.stp
    semantic error: while resolving probe point: identifier 'syscall' at dirtyc0w.stp:5:7
            source: probe syscall.ptrace {
                          ^
    semantic error: no match
    Pass 2: analysis failed. [man error::pass2]

Anybody have any success with this?

--
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu

On 24-10-2016 18:29, Gilbert Sebenste wrote:
>
>> On Sat, 22 Oct 2016, Valeri Galtsev wrote:
>>
>> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote:
>>>
>>>> Dear All,
>>>>
>>>> I guess, we all have to urgently apply workaround, following, say, this:
>>>>
>>>> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/
>>>>
>>>> At least those of us who still have important multi user machines
>>>> running Linux.
>>>
>>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not
>>> vulnerable.
>>
>> Patch is out on RHEL side:
>>
>> https://rhn.redhat.com/errata/RHSA-2016-2098.html
>>
>> Gilbert Sebenste
>> (My opinions only!)
Peter Kjellström
2016-Oct-25 13:38 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 08:29:33 -0400 "Phelps, Matthew" <mphelps at cfa.harvard.edu> wrote:

> On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon <anthon at rth.dk>
> wrote:
>
> > What is the best approach on centos 6 to mitigate the problem is
> > officially patched? As far as I can tell Centos 6 is vulnerable to
> > attacks using ptrace.
> >
> > There is a mitigation described here
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
> >
> > which doesn't fix the underlying problem, but at least protects
> > against known attack vectors. However, I'm unsure if the script
> > only applies to Centos 7, or if it also works on Centos 6?
> >
> > Cheers, Christian
>
> I have not been able to get this script to work on CentOS 6.8
>
> I've installed kernel-debug, kernel-devel, kernel-debug-devel,
> kernel-debug-debuginfo, kernel-debuginfo-common and I still get:

You have the wrong packages. You want "kernel-debuginfo" and "kernel-debuginfo-common" for the running kernel. You've by mistake got "kernel-debug-debuginfo" which is the debuginfo for the debug kernel (not the normal kernel).

/Peter K
Phelps, Matthew
2016-Oct-25 13:53 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 9:38 AM, Peter Kjellström <cap at nsc.liu.se> wrote:

> On Tue, 25 Oct 2016 08:29:33 -0400
> "Phelps, Matthew" <mphelps at cfa.harvard.edu> wrote:
>
> > On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon <anthon at rth.dk>
> > wrote:
> >
> > > What is the best approach on centos 6 to mitigate the problem is
> > > officially patched? As far as I can tell Centos 6 is vulnerable to
> > > attacks using ptrace.
> > >
> > > There is a mitigation described here
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
> > >
> > > which doesn't fix the underlying problem, but at least protects
> > > against known attack vectors. However, I'm unsure if the script
> > > only applies to Centos 7, or if it also works on Centos 6?
> > >
> > > Cheers, Christian
> >
> > I have not been able to get this script to work on CentOS 6.8
> >
> > I've installed kernel-debug, kernel-devel, kernel-debug-devel,
> > kernel-debug-debuginfo, kernel-debuginfo-common and I still get:
>
> You have the wrong packages. You want "kernel-debuginfo" and
> "kernel-debuginfo-common" for the running kernel. You've by mistake got
> "kernel-debug-debuginfo" which is the debuginfo for the debug kernel
> (not the normal kernel).
>
> /Peter K

Bingo. That was it. Thanks!

--
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu
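The package mix-up resolved in this thread can be checked for before compiling the SystemTap mitigation. The script below is an added example, not part of any poster's message or of the Red Hat script; `check_debuginfo` is a hypothetical helper name, and the kernel release string and package lists are constructed sample data.

```shell
#!/bin/sh
# Added example: does this host have the debuginfo SystemTap needs for the
# *running* kernel? Flags the kernel-debug-debuginfo mix-up from the thread.
#
# check_debuginfo KERNEL_RELEASE PACKAGE_LIST   (hypothetical helper)
#   KERNEL_RELEASE  output of `uname -r`
#   PACKAGE_LIST    output of `rpm -qa 'kernel*'`, one package per line
# Returns 0 when both required packages are present, 1 otherwise.
check_debuginfo() {
    krel=$1 pkgs=$2 status=0
    case $krel in
        # On EL6 the debug kernel variant reports a ".debug" suffix.
        *.debug) base=${krel%.debug}; main="kernel-debug-debuginfo-$base" ;;
        *)       base=$krel;          main="kernel-debuginfo-$base" ;;
    esac
    arch=${base##*.}
    common="kernel-debuginfo-common-$arch-$base"
    for want in "$main" "$common"; do
        if printf '%s\n' "$pkgs" | grep -qxF -- "$want"; then
            echo "ok: $want"
        else
            echo "missing: $want"; status=1
        fi
    done
    # Normal kernel running, but only the debug kernel's debuginfo installed.
    if [ "$status" -ne 0 ] && [ "$base" = "$krel" ] &&
       printf '%s\n' "$pkgs" | grep -qxF -- "kernel-debug-debuginfo-$base"; then
        echo "hint: kernel-debug-debuginfo only covers the debug kernel"
    fi
    return "$status"
}

# Constructed sample data (placeholder release string, not from a real host).
SAMPLE_KREL='2.6.32-000.el6.x86_64'
# The package set reported in the thread: kernel-debuginfo itself is absent.
WRONG_PKGS="kernel-debug-$SAMPLE_KREL
kernel-devel-$SAMPLE_KREL
kernel-debug-devel-$SAMPLE_KREL
kernel-debug-debuginfo-$SAMPLE_KREL
kernel-debuginfo-common-x86_64-$SAMPLE_KREL"
# The same set after installing the package named in the reply.
RIGHT_PKGS="$WRONG_PKGS
kernel-debuginfo-$SAMPLE_KREL"

# On a real host:
#   check_debuginfo "$(uname -r)" "$(rpm -qa 'kernel*')"
```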