
DirtyCow (CVE-2016-5195)

Discussion in 'Security' started by gryzli, Oct 21, 2016.

  1. gryzli

    gryzli Well-Known Member

    #1 gryzli, Oct 21, 2016
    Last edited by a moderator: Oct 21, 2016
  2. Bazinga

    Bazinga Active Member

  3. rpvw

    rpvw Well-Known Member

  4. gryzli

    gryzli Well-Known Member

  5. ThinIce

    ThinIce Well-Known Member

    This really is one of those car crash events isn't it. RHEL / CentOS again seem to be latest to the party with a patch, the bug thread implies at an uneducated glance that CentOS6 users don't need to worry (which seems incorrect going on other posts to the thread and general chatter) and doesn't make clear if it's worth applying the mitigation on versions other than 7 to address the more recent POCs

    and the cPanel announcement doesn't make reference to their own kernel and when they'll update it cPanel Security Team: Dirty COW (CVE-2016-5195) | cPanel Newsroom

    I just give up.
     
    #5 ThinIce, Oct 22, 2016
    Last edited: Oct 22, 2016
  6. ThinIce

    ThinIce Well-Known Member

    If I understand correctly, the systemtap mitigation will not protect against the subsequent POC exploit released
     
    #6 ThinIce, Oct 22, 2016
    Last edited by a moderator: Oct 24, 2016
  7. sparek-3

    sparek-3 Well-Known Member

    Actually, my CentOS 6 Kernelcare systems aren't showing any fix

    Code:
    # cat /etc/redhat-release ; kcarectl --check ; kcarectl --patch-info | grep -i cve-2016-5195
    CentOS release 6.8 (Final)
    No update necessary
     
  8. rpvw

    rpvw Well-Known Member

    @sparek-3

    Interesting - my check using the same code produced different results:
    Code:
    # cat /etc/redhat-release ; kcarectl --check ; kcarectl --patch-info | grep -i cve-2016-5195
    CloudLinux Server release 6.8 (Oleg Makarov)
    No update necessary
    kpatch-cve: CVE-2016-5195
    kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
     
  9. sparek-3

    sparek-3 Well-Known Member

    BRILLIANT!

    They released an update that --check doesn't recognize. If you run kcarectl --update it updates! This is absolutely brilliant! I mean, why depend on --check to see if there is an update when, that never really matters!

    BRILLIANT!
     
  10. sparek-3

    sparek-3 Well-Known Member

    And for those of you looking for a CentOS/RHEL/cPanel kernel update you may want to just try yum update and never ever use yum check-update because seriously! Why should you ever just check for updates? Why spend time prepping for an update when you can just update! Who cares if it breaks a system or does something you didn't anticipate!

    Lesson learned today... checking for updates is totally useless!

    </sarcasm>
     
  11. gryzli

    gryzli Well-Known Member

    Anybody with kcare fix for CloudLinux / Centos 5 ?
     
  12. rpvw

    rpvw Well-Known Member

  13. gryzli

    gryzli Well-Known Member

    Just to summarize the current state of things:
    CloudLinux have released a Dirty COW fix in their mainstream kernels for CL 6 and CL 7.

    There is a kernel update for CL5 also, but it is in the testing repo.

    If you are using KernelCare (the rebootless kernel patching tool by CloudLinux), you must already have the patches for all CL 5,6,7. You can check this by issuing:

    Code:
    root@server [~]# kcarectl  --patch-info  | grep 2016-5195 -A 6
    kpatch-name: 2.6.18/CVE-2016-5195.patch
    kpatch-description: CVE-2016-5195 fix
    kpatch-kernel: kernel-2.6.18-412.el5
    kpatch-cve: CVE-2016-5195
    kpatch-cvss: 6.9
    kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5195
    kpatch-patch-url: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
    
     
    #13 gryzli, Oct 24, 2016
    Last edited by a moderator: Oct 24, 2016
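
The check in post #13, as an added example that is not part of any poster's message: in posts #7 to #9 `kcarectl --check` printed "No update necessary" both where the CVE was listed and where it was not, so this function tests the `kcarectl --patch-info` listing itself. It assumes each patch record begins with a `kpatch-name:` line, as in the output quoted in post #13; the function name and the second sample record are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read `kcarectl --patch-info` text on stdin and report whether
# a given CVE is among the loaded KernelCare patches.
# Assumption: every patch record starts with a "kpatch-name:" line (post #13).
# Live use: kcarectl --patch-info | cve_patch_status CVE-2016-5195

cve_patch_status() {
    # Prints "patched <kpatch-name> <kpatch-kernel>" and returns 0,
    # or prints "missing" and returns 1.
    awk -v cve="$1" '
        function emit() {
            if (hit) { printf "patched %s %s\n", name, kernel; found = 1 }
            hit = 0; name = "-"; kernel = "-"
        }
        BEGIN { want = tolower(cve); name = "-"; kernel = "-" }
        $1 == "kpatch-name:"   { emit(); name = $2; next }   # new record
        $1 == "kpatch-kernel:" { kernel = $2; next }
        $1 == "kpatch-cve:"    {
            # A record may list several CVE ids; compare case-insensitively.
            for (i = 2; i <= NF; i++) {
                id = tolower($i); gsub(/,/, "", id)
                if (id == want) hit = 1
            }
        }
        END { emit(); if (!found) print "missing"; exit(found ? 0 : 1) }
    '
}

# Record as quoted in post #13 of this thread.
SAMPLE_PATCHED='kpatch-name: 2.6.18/CVE-2016-5195.patch
kpatch-description: CVE-2016-5195 fix
kpatch-kernel: kernel-2.6.18-412.el5
kpatch-cve: CVE-2016-5195
kpatch-cvss: 6.9'

# Constructed record for a host whose patch set lacks the fix (placeholder id).
SAMPLE_UNPATCHED='kpatch-name: example/CVE-0000-0000.patch
kpatch-description: constructed placeholder record
kpatch-kernel: kernel-example
kpatch-cve: CVE-0000-0000'

printf '%s\n' "$SAMPLE_PATCHED"   | cve_patch_status CVE-2016-5195 || true
printf '%s\n' "$SAMPLE_UNPATCHED" | cve_patch_status CVE-2016-5195 || true
```

The non-zero return for "missing" lets a monitoring job alert on hosts where the live patch is absent, whatever `--check` prints.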
  14. garconcn

    garconcn Well-Known Member

    Will this affect the server which does not have public SSH access? Thank you for any advice.
     
  15. ThinIce

    ThinIce Well-Known Member

    Yes, if there is for example a vulnerability in a web app such as Wordpress that would allow remote code execution or if any of the accounts on your system have been breached such that an exploit could be uploaded and then executed
     
    garconcn likes this.
  16. gryzli

    gryzli Well-Known Member

    In fact, if you have any publicly accessible service (Web, FTP, or whatever it is), if someone tries and successfully exploits your service (in order to make it execute code with this service's username), this could be used as an indirect vector to execute the privilege escalation exploit.

    It is a really bad thing..
     
    garconcn likes this.
  17. keat63

    keat63 Well-Known Member

    Folks

    I don't profess to know what any of this means other than I should update or patch.
    Would Yum Update fix this in CentOS 6.8 Final, or do I need to run specific patches ?
     
  18. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Allow me to address some of the questions and comments that have not yet received a response.

    Regarding the cPanel hardened kernel, there's an internal case open to build and publish an update once CentOS publishes a new kernel (the cPanel hardened kernel patches the CentOS 6 kernel for symlink race condition protection).

    I encourage you to share your thoughts regarding KernelCare to the CloudLinux Support Team, or on their forums at:

    CloudLinux Forum

    You can run "yum update" to update your system kernel once CentOS releases an updated kernel that addresses the issue. Note that you must reboot the system after updating the kernel. Or, if you are interested in a third-party application, consider using KernelCare from CloudLinux:

    CloudLinux - Main | New template

    Thank you.
     
    eva2000 likes this.
  19. gryzli

    gryzli Well-Known Member

    In short, we are still waiting for RedHat/Centos to release patched kernel :)
     
  20. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    eva2000 likes this.