Dirty COW

Article

 

CVE-2016-5195

Quote

 

"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings," reads the website dedicated to Dirty COW.

 

This seems just as bad as Heartbleed or the recent TCP exploit. Patch your kernels, yesterday.

*edit*

Google your distro along with the words "Dirty COW" to see where this vulnerability is fixed.

"There is probably a special circle of Hell reserved for people who force software into a role it was never designed for."
- Radium_Angel


8 minutes ago, Bigun said:

It seems the exploit is fixed in most distros on version 4.4.26 or higher.

A good reason to demand Android OEMs provide commitments to software updates.

             ☼

ψ ︿_____︿_ψ_   


One thing to note is this exploit requires local access so it cannot be exploited remotely without first gaining access to your system.

-KuJoe


31 minutes ago, Bigun said:

Article

It seems the exploit is fixed in most distros on version 4.4.26 or higher.  Run uname -a in a terminal to see what version you are running.

This is incorrect and should be removed from your post. All major Linux distros have been patched all the way back to kernel 2.x, so including the kernel version for one distro is misleading.

-KuJoe


21 minutes ago, KuJoe said:

This is incorrect and should be removed from your post. All major Linux distros have been patched all the way back to kernel 2.x, so including the kernel version for one distro is misleading.

Most of them are, but I can see someone taking refuge in an unpatched kernel in that particular version number.  Revised.

"There is probably a special circle of Hell reserved for people who force software into a role it was never designed for."
- Radium_Angel


1 hour ago, Bigun said:

Most of them are, but I can see someone taking refuge in an unpatched kernel in that particular version number.  Revised.

Thanks for fixing it. My main concern is for people running CentOS or Debian which are still on 2.x and 3.x and thinking they need 4.4.26 to be safe when they really just need the latest kernel for their distro. I've already received a lot of support tickets for my clients concerning this because they don't have the latest Ubuntu kernel even though most of them are running CentOS but the blog post they read stated a kernel version specific to Ubuntu. Just trying to avoid any confusion here and prevent any misinformation for the Linux newbies among us. :D

-KuJoe


Is it bad that my first thought when I heard of this a few days ago was how can I use this to root my Android phone (no way to root on Lollipop and don't feel like downgrading and upgrading)?

 


14 hours ago, flowalex said:

Is it bad that my first thought when I heard of this a few days ago was how can I use this to root my Android phone (no way to root on Lollipop and don't feel like downgrading and upgrading)?

You wouldn't be the first.

"There is probably a special circle of Hell reserved for people who force software into a role it was never designed for."
- Radium_Angel

