Recently, a serious vulnerability in the Linux kernel was publicly disclosed. The vulnerability, popularly known as Dirty COW, has been present for nine years in almost all versions of Linux operating systems, including widely used Linux distros such as Red Hat, Debian, and Ubuntu.
This means a majority of web servers have become unsafe. But, no worries!
We have actively addressed the issue and applied the patches on all the servers at Cloudways. Additionally, the team managed to do this with only negligible downtime, even though kernel updates of this kind normally cause some.
You need to restart your servers at the earliest. The patch takes full effect only once a server reboots. Therefore, log in now and restart your server. Alternatively, do it at a time that is feasible for you.
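One way to confirm on a Debian host that the reboot has actually happened, as an added example that is not from the original post or from Cloudways: it compares the kernel build reported by `uname -v` with the installed `linux-image` package version. It assumes shell access and Debian's `uname -v` format; the function names and the version strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a Debian host where the updated kernel package is
# installed but the machine is still running the previous build.

# Extract the Debian package version from `uname -v` output.
# Constructed sample: "#1 SMP Debian 1.2.3-1+debXu2 (2000-01-02)"
#                  -> "1.2.3-1+debXu2"
running_build() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# reboot_state UNAME_V INSTALLED_VERSION
# Prints one of: current | reboot-pending | unknown
reboot_state() {
    build=$(running_build "$1")
    if [ -z "$build" ] || [ -z "$2" ]; then
        # Not a Debian-built kernel, or the package version is unavailable.
        echo unknown
    elif [ "$build" = "$2" ]; then
        echo current
    else
        # The package on disk differs from the kernel in memory.
        echo reboot-pending
    fi
}

# Gather the two values from the live system and classify it.
check_host() {
    installed=$(dpkg-query -W -f='${Version}' \
        "linux-image-$(uname -r)" 2>/dev/null) || installed=""
    reboot_state "$(uname -v)" "$installed"
}

# Run against the local host only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A result of `reboot-pending` means the fixed package is on disk while the old kernel is still the one running.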
What Exactly Is the Dirty COW?
Simply speaking, the Dirty CoW vulnerability allows attackers to gain root access to servers and take control of the complete system. It allows a system user to bypass standard permission mechanisms that would prevent modification without an appropriate permission set, and thus, enables the attacker to take control over the system.
This vulnerability can be exploited in several ways. An attacker only needs low-level access to the system before exploiting this bug, for example through a compromised SSH/shell account or through a vulnerable web application that allows the attacker to upload a malicious script.
The most alarming thing about this bug: it is impossible for security mechanisms to detect this issue, and once exploited, there is no evidence of what has happened.
Who Uncovered the Dirty COW Vulnerability?
This vulnerability was uncovered by a security researcher, Phil Oester. Assigned the identifier CVE-2016-5195, the vulnerability is a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (hence the name CoW) breakage of private read-only memory mappings.
Using this vulnerability, attackers can gain write access to otherwise read-only mappings, and hence take control of the whole system.
For more detailed technical information about the vulnerability, you may check the official vulnerability page and a site dedicated to this vulnerability.
What Did Cloudways Do to Secure the Servers?
The Dirty COW vulnerability has been present in the Linux kernel since version 2.6.22, released in 2007. It means the issue was present on all Linux servers since then. Considering the serious nature of this vulnerability, we started work as soon as the official Debian patch was available.
Our dedicated team of security experts got busy as we take server security very seriously. We ensure that all the users are provided with iron-clad server security and vulnerabilities, like Dirty CoW, are taken care of as soon as a fix is officially available.
We were able to apply the updates from the Debian maintainers; Debian is the Linux OS used by Cloudways. Engineers at Cloudways were able to roll out the updates all over the network (yes, on thousands of machines) successfully with virtually no downtime.
What’s Next?
We have made sure from our end that your servers are secure. However, we would advise all of you to reboot your servers at the earliest in order to protect your web apps. Here is where you can get started.
If there is any issue, inform the Customer Support team using Live Chat. Act now, stay safe! 🙂
Immad Uddin Khan