• DEMO
  • Security: Dirty COW Security Hole Discovered
    • By Gerry Sweeney
    • In Security
    • Posted 2016-10-27 23:02:07

    Security: Dirty COW Security Hole Discovered

    A fairly nasty security bug CVE-2016-5195 nicknamed Dirty COW was found by Phil Oester, a Linux Security researcher.  The flaw is relatively easy to exploit so its important to patch this on your systems ASAP, everyone running Linux will have this problem.  RedHat’s description can be found here and relating to the issue states:-

    "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.  An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

    The security issue has been in the Linux kernel for a long time but has only recently been uncovered, it is not known if this problem has been exploited or not, there is no known instances of it but thats not to say it has not been.  However, now this vulnerability is a known problem we can expect attacks to follow so anyone running a linux environment should be patching this as soon as possible. 

    Hornbill’s own cloud environment is all run on a CentOS distribution of Linux so our systems have had that vulnerability.  We are lucky in a sense because we do not provide direct access to our systems outside of our own network.  All end user access is provided through our application services and API’s which are not vulnerable to the problem.  In theory an attacker could chain this exploit together with another security issue it could be possible to exploit but thats a pretty unlikely scenario. 

    Of course, as soon as we got to know about the issue we reviewed our systems to make sure there was no direct way for anyone outside of our own network to exploit this on our systems and ensure there was not immediate risk to our customers data, and then we waited patiently for a patch to be developed by the security experts in the Linux community. 

    We use http://spacewalk.redhat.com/ to manage all our internal Linux servers so pushing out the patch and confirming it has been applied is trivial. We always push out changes to our development and test environment in order to confirm that our systems are still working as expected.  We then push the change into our production systems, generally 48 hours after. This particular change is a little tricker than usual as its a Kernel update it requires a restart of the servers to make sure the patch is actually applied, and this needs to be done while not disrupting service. 

    We have now patched all of our servers at all global locations and everything is up and running without issue.

    Categories

    Latest Posts

    • Searching for Requests in Service Manager

      2018-04-20 22:50:04
      Feature Friday

      Hornbill's Service Manager offers a number of search features for locating requests held within Service Manger...

    • Project Manager Portfolio

      2018-04-14 02:46:24
      Feature Friday

      Hornbill's Project Manager Portfolio is the entry point to view and access all of your projects.  Its simple views and lists give a quick perspective on the current state of your projects, whether it be showing the progress toward the next milestone of a project or getting a glance at your top pr...

    • Hornbill Service Manager improves IT performance at the Victoria & Albert Museum

      2018-03-05 22:34:20
      Our Stories

      Grant Fettis (Change Manager) and Chris Nutt (IT Service Desk Manager) explain how Hornbill Service Manager has delivered collaboration, agility and transparency to improve the value of service delivery across different business units at the Victoria & Albert Museum.