Gilbert Sebenste
2016-Oct-24 16:29 UTC
[CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, 22 Oct 2016, Valeri Galtsev wrote:> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user machines running >> Linux. > > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.Patch is out on RHEL side: https://rhn.redhat.com/errata/RHSA-2016-2098.html ******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************
Christian Anthon
2016-Oct-25 08:06 UTC
[CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
What is the best approach on centos 6 to mitigate the problem is officially patched? As far as I can tell Centos 6 is vulnerable to attacks using ptrace. There is a mitigation described here https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 which doesn't fix the underlying problem, but at least protects against known attack vectors. However, I'm unsure if the script only applies to Centos 7, or if it also works on Centos 6? Cheers, Christian On 24-10-2016 18:29, Gilbert Sebenste wrote:> On Sat, 22 Oct 2016, Valeri Galtsev wrote: > >> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >>> Dear All, >>> >>> I guess, we all have to urgently apply workaround, following, say, >>> this: >>> >>> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >>> >>> >>> At least those of us who still have important multi user machines >>> running >>> Linux. >> >> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not >> vulnerable. > > Patch is out on RHEL side: > > https://rhn.redhat.com/errata/RHSA-2016-2098.html > > ******************************************************************************* > > Gilbert Sebenste ******** > (My opinions only!) > ****** > ******************************************************************************* > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Phelps, Matthew
2016-Oct-25 12:29 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon <anthon at rth.dk> wrote:> What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to attacks > using ptrace. > > There is a mitigation described here > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 > > which doesn't fix the underlying problem, but at least protects against > known attack vectors. However, I'm unsure if the script only applies to > Centos 7, or if it also works on Centos 6? > > Cheers, Christian > >I have not been able to get this script to work on CentOS 6.8 I've installed kernel-debug, kernel-devel, kernel-debug-devel, kernel-debug-debuginfo, kernel-debuginfo-common and I still get: stap -g -p 4 dirtyc0w.stp semantic error: while resolving probe point: identifier 'syscall' at dirtyc0w.stp:5:7 source: probe syscall.ptrace { ^ semantic error: no match Pass 2: analysis failed. [man error::pass2] Anybody have any success with this? -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu On 24-10-2016 18:29, Gilbert Sebenste wrote:> >> On Sat, 22 Oct 2016, Valeri Galtsev wrote: >> >> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >>> >>>> Dear All, >>>> >>>> I guess, we all have to urgently apply workaround, following, say, this: >>>> >>>> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtyco >>>> w-centos-7rhel7cpanelcloudlinux/ >>>> >>>> At least those of us who still have important multi user machines >>>> running >>>> Linux. >>>> >>> >>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not >>> vulnerable. >>> >> >> Patch is out on RHEL side: >> >> https://rhn.redhat.com/errata/RHSA-2016-2098.html >> >> ******************************************************************************* >> >> Gilbert Sebenste ******** >> (My opinions only!) >> ****** >> ******************************************************************************* >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Peter Kjellström
2016-Oct-25 13:39 UTC
[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 10:06:12 +0200 Christian Anthon <anthon at rth.dk> wrote:> What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to > attacks using ptrace.I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix. Ask off-list if you want an src.rpm /Peter K
Reasonably Related Threads
- CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
- CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
- CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
- CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
- CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw