Threat Advisory: Dirty COW Linux Kernel Vulnerability
October 21, 2016
A 9-year-old critical vulnerability in the Linux kernel, dubbed 'Dirty COW' (CVE-2016-5195) has recently surfaced and is being actively exploited. The vulnerability, named from the copy-on-write (COW) mechanism in the Linux kernel, could allow a malicious actor to tamper with read-only, root-owned executable files. In other words, exploitation of this vulnerability may allow an attacker to take complete control of an affected system.
The Dirty COW vulnerability should be taken seriously as it has been present in the Linux kernel since version 2.6.22 (est. 2007). It is believed to be present in Android, which is powered by the Linux kernel, as well as every distribution of RedHat, Debian and Ubuntu released for the past decade.
Security technologies within your corporate environment may employ Linux and, if not regularly patched, may be susceptible to such an attack. Herjavec Group recommends ensuring that core infrastructure technologies powered by a Linux are patched and maintained to prevent potential compromise.
US-CERT recommends that users and administrators review the Red Hat CVE Database, the Canoical Ubuntu CVE Tracker, and CERT Vulnerability Note VU#243144 for additional details, and refer to their Linux or Unix-based OS vendors for appropriate patches.
For more information please contact a Herjavec Group security specialist today.
Herjavec Group circulates US – CERT advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply detection and mitigation strategies where appropriate. For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or RTcontact Herjavec Group.