You are here
Linux-Kernel Privilege Escalation Vulnerability - Dirty Cow
Last update on 19. January 2017 - 14:56.
A race condition was found in the Linux kernel memory subsystem. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system [1].
An exploit is available to write into any file on the system even if the user has only read access to the file. This exploit does not work on CentOS 6. Therefore Airlock WAF is not affected by this exploit. Note that this does not mean that the vulnerability can not be exploited in CentOS 6.
The vulnerability is not relevant for interactive (shell) users on Airlock WAF, because all interactive users are trusted. Exploiting the vulnerability trough an external listening process is difficult. This would require an additional vulnerability in Apache httpd (or stunnel if SSL VPN is used). Additional protection measures like SELinux are in place to mitigate this risk.
Hotfixes are available for Airlock WAF 6.0 and Airlock WAF 5.3.1 to update the Linux Kernel. The criticality of the hotfix is low.
For all back-end systems running a Linux kernel we recommend to check whether the Linux distribution is affected. We recommend to patch affected systems since these systems typically rely on interactive unprivileged users or the risk of a remote command execution flaw in the system is non negligible.