Dirty Cow vulnerability CentOS

#1 Sun, 10/23/2016 - 08:23
applejack


Has anyone applied the mitigation for the Dirty Cow vulnerability as stated at https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13?

Is it safe to do so using Webmin / Virtualmin, and are there any other potential issues?

On a test server I first had to run the install below before running stap -g update.stp:

yum install systemtap yum-utils
debuginfo-install kernel-$(uname -r)

However, after the install, running yum update lists a new version from 2.6.32-642.6.1.el6.centos.plus from installation source Base-debuginfo, even though the installed version is the same number.

This update stops the mitigation script from working.

This is on CentOS 6.8.

Sun, 10/23/2016 - 18:56
andreychek

Howdy,

I'd be very interested to hear others' experiences with that, though I personally had not; I only have experience updating the kernel packages and rebooting.

-Eric

Mon, 10/24/2016 - 10:49 (Reply to #2)
applejack

Hi Eric

I found out that the reason why it tries to update from CentOS Plus is that when installing the initial kernel-debuginfo it also installs yum-plugin-auto-update-debug-info. Why this should then try and get it from CentOS Plus I've no idea, but uninstalling it removes it from yum update.
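
The mismatch discussed in this thread (an installed kernel-debuginfo that no longer corresponds to the running kernel, after which the stap script stops working) can be checked before running stap -g. This is an added example, not part of any post in the thread; the function name debuginfo_status, the --live switch and the x86_64 sample strings are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before `stap -g`: does the installed kernel-debuginfo
# package correspond exactly to the running kernel?
#
# debuginfo_status RUNNING_KERNEL INSTALLED_PACKAGES
#   RUNNING_KERNEL      output of `uname -r`
#   INSTALLED_PACKAGES  output of `rpm -q kernel-debuginfo` (one entry per line)
# Prints "match", "mismatch" or "missing"; returns 0 only for "match".
debuginfo_status() {
    running=$1
    installed=$2
    want="kernel-debuginfo-$running"
    found=missing
    # Here-document keeps the loop in the current shell so `return` works.
    while IFS= read -r pkg; do
        case $pkg in
            "$want")
                echo match
                return 0 ;;
            kernel-debuginfo-[0-9]*)
                # A debuginfo package exists, but for another kernel build
                # (for example after an automatic debuginfo update).
                found=mismatch ;;
        esac
    done <<EOF
$installed
EOF
    echo "$found"
    return 1
}

# Constructed sample strings (architecture suffix is an assumption):
#   running kernel : 2.6.32-642.6.1.el6.x86_64
#   installed pkg  : kernel-debuginfo-2.6.32-642.6.1.el6.centos.plus.x86_64
# debuginfo_status on that pair reports "mismatch".

# Live check on the host itself: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    debuginfo_status "$(uname -r)" "$(rpm -q kernel-debuginfo 2>&1)"
fi
```
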

Sun, 10/23/2016 - 19:58
applejack

Yes, to me it seems odd that it should try and get the package from CentOS Plus even though it is not enabled. However, since Red Hat / CentOS have not come up with a patch for the vulnerability, that is my main concern at the moment, and whether or not it is advisable to run the mitigation script.

Mon, 10/24/2016 - 09:12
PaliGap

I think Red Hat have now come up with a fix for v7 via update? "This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2098". If so, hopefully the CentOS folks will have this available via "yum update" very soon.

& apparently v5 & v6 are not vulnerable to the "known" threat? https://access.redhat.com/security/vulnerabilities/2706661

Mon, 10/24/2016 - 10:54 (Reply to #5)
applejack

From Red Hat in the same thread you posted: "RHEL5 and RHEL6 are vulnerable. However, the in the wild exploit we are aware of doesn't work on RHEL5 and RHEL6 out of the box,"

So presumably they'll patch it for 5 and 6 though maybe not as soon as for 7.
