Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Anybody want to talk about Dirty Cow?
The Lounge What is on Your Mind? Anybody want to talk about Dirty Cow? Post 302984395 by hicksd8 on Tuesday 25th of October 2016 11:57:18 AM
Old 10-25-2016
Here's a news clip from the UK. (BBC Copyright acknowledged)

Users of the Linux operating system are being urged to update it to remove a "serious" bug that hackers could use to hijack systems.
Known as the Dirty Cow bug, the vulnerability has been present in many versions of Linux for almost a decade.
The warnings come as malicious hackers start exploiting it to take over vulnerable computers.
The vulnerability gets its name from the Linux sub-system, called Copy-On-Write or COW, in which it appears.
Updated versions of Linux that no longer suffer the bug are now being widely distributed. Millions of computers, including a majority of web servers, run Linux or one of its variants.


"The nature of the vulnerability lends itself to extremely reliable exploitation," Dan Rosenberg, a security researcher at Azimuth Security, told tech news site Ars Technica. He added that it was the "most serious" bug of its type ever found in Linux.
The vulnerability allows attackers to steadily increase the amount of control they can exert over a target system.
Security expert Graham Cluley said the bug was of a type that did not normally prompt action because they were less likely to be exploited. However, he said, Dirty Cow should be taken seriously because there was some evidence that it was being actively abused.
Attack code that capitalised on the weakly protected sub-system was captured by developer Phil Oester as it was used in an attempt to take over a server he runs.
Mr Oester told the V3 tech news site that the vulnerability was easy to use and was "almost certain" to be more widely used by cyberthieves.
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Quick-and-dirty g++ compilation

I am creating a small bash file that will take one argument and compile it: #!/bin/bash OUT=${$1%.cpp} # C++ source files always end in .cpp g++ -Wall $1 -o $OUT chmod 777 $OUT The error message says 'bad substitution', namely where OUT is defined. How to fix this? (1 Reply)
Discussion started by: figaro
1 Replies

2. AIX

Can't mount showing 0506-342 The superblock on /dev/fslv00 is dirty

Dear All Last day in Aix 5.2 server by executing # df –g I found following: Filesystem GB blocks Free %Used Iused %Iused Mounted on . . /dev/fslv00 58.00 136.70 -135% 212103 1% /sprod After shutting down by following command # shutdown –h And when... (1 Reply)
Discussion started by: xa52000
1 Replies

3. UNIX for Advanced & Expert Users

Finding volumes with mirrored DRL(Dirty Region Log)

hi, How do I find VxVM volumes which have a mirrored DRL. thanks in advance Prasi (2 Replies)
Discussion started by: prasi_in
2 Replies

4. Shell Programming and Scripting

noob question - is awk the tool to clean dirty text files?

Hi, nevermind. I think I've found the answer. It appears I was looking for index, match, sub, and gsub. I want to write a shell script that will clean the html out of a bunch of files and format the data for import into excel. Awk seems like a powerful tool, but it seems oriented to... (1 Reply)
Discussion started by: yogert909
1 Replies

5. Shell Programming and Scripting

Need a quick and dirty solution

I have a list of multiple versions of software. The list is formated as follows: NAME VERSION I simply need to pull out the highest version of each software, for example: Original File a v1.0 a v1.1 a v1.2 b v2.1 b v2.2 b v2.21 b v3.0 Output a v1.2 b v3.0 (13 Replies)
Discussion started by: Finja
13 Replies

6. UNIX for Advanced & Expert Users

Superblock marked dirty

Good morning! I met a problem on a FS with AIX 5.3 It's not possible to mount the FS because of a dirty superblock. I tried few things without success. I need your help to solve my problem guys. Do you have any idea please? Thanks a lot drp01,/home/root # mount /GSPRES/data Replaying... (9 Replies)
Discussion started by: Castelior
9 Replies

7. Linux

Broadcom under Fedora 18 (Spherical Cow)

So I'm having a problem getting a Broadcom BCM4312 wireless controller to work under the broadcom-wl module $uname Linux 3.8.11-200.fc18.x86_64 #1 SMP Wed May 1 19:44:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux lspci -v 05:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g... (2 Replies)
Discussion started by: Skrynesaver
2 Replies

LEARN ABOUT DEBIAN

debsecan

DEBSECAN(1)															       DEBSECAN(1)

NAME

       debsecan - Debian Security Analyzer

SYNOPSIS

       debsecan options...

DESCRIPTION

       debsecan analyzes the list of installed packages on the current host and reports vulnerabilities found on the system.

OPTIONS

       --suite count
	      Choose a specific suite.	debsecan produces more informative output (including obsolete packages) if the correct suite is specified.
	      The release code name has to be used ("sid"), not the temporal name ("unstable").

       --whitelist file
	      Change the name of the whitelist file.

       --add-whitelist, --remove-whitelist, --show-whitelist
	      Add or remove entries from the whitelist, or print the whitelist to standard output.  See the CHANGING THE WHITELIST section below.

       --source url
	      Override the default download URL for vulnerability data.

       --status file
	      Evaluate a different dpkg status file.

       --format format
	      Change the output format.  If format is summary (the default), a short summary for each vulnerability is printed.  The simple format
	      is like the summary format, except that only the bug packages names are printed.	For bugs and packages, debsecan lists the names of
	      vulnerabilities and binary packages, respectively.  --format detail requests a verbose output format, showing  all  available  data.
	      The report format is used for email reports.

       --line-length characters
	      Specifies the line length in report mode.  The default is 72.

       --mailto mailbox
	      The  --mailto option instructions debsecan to the send the report to the email address mailbox.  No report is sent if there where no
	      changes since the last invocation with --update-history.	This option requires the --format report output format.  The option  value
	      may contain macros, see the section CONFIGURATION FILE MACROS below.

       --only-fixed
	      Only  list  vulnerabilities for which a fix is available in the archive.	Note that it can happen that a fix is listed, although the
	      package has not been built for the system's architecture and is not yet available for download.  (If you use this option,  you  also
	      must specify the correct suite using --suite.)

       --no-obsolete
	      Do  not  list any obsolete packages (see below).	Using this option is not recommended because it hides real vulnerabilities on some
	      systems, not just false positives.

       --history file
	      Change the name of the history file used by --format report.

       --update-history
	      Update the vulnerability status information after reporting it using --format report.

       --cron Internal option used for invocations from cron.  Checks if the vulnerability data has already been downloaded today.  In this  case,
	      further processing is skipped.  See debsecan-create-cron(8) for instructions how to create a suitable cron entry.

       --config file
	      Sets the location of the configuration file.

       --help Display a short help message and exit.

       --version
	      Display version information and exit.

CONFIGURATION FILE

       The  configuration  file  contains the following variables.  It follows name=value shell syntax.  If value contains white space, it must be
       surrounded by double quotes.  Some variables may contain macros; see the section CONFIGURATION FILE MACROS below.

       MAILTO Sets the email address to which reports are sent in --cron mode.	May contain macros.

       REPORT Controls whether debsecan does any processing whatsoever in --cron mode.	(Permitted values: true and false.)

       SOURCE Controls the URL from which vulnerability information is fetched.  If empty, the built-in default is used.

       SUITE  Sets the default value of the --suite option (see there).

       SUBJECT
	      Changes the subject line of reports.  May contain macros.

CONFIGURATION FILE MACROS

       Macro processing replaces strings of the form %s(key)s with system-dependent values.  Support keys are:

       hostname
	      The host name on which debsecan runs, without the domain name part.

       fqdn   The fully-qualified domain name of the host on which debsecan runs.

       ip     The IP address of the host on which debsecan runs.  This may be inaccurate on multi-homed systems.

CHANGING THE WHITELIST

       You can use the --add-whitelist and --remove-whitelist options to change the whitelist.	Whitelisted vulnerabilities are  not  included	in
       the reports.  For example,

	      debsecan --add-whitelist CVE-2005-4601

       ignores the vulnerability CVE-2005-4601 completely, while

	      debsecan --add-whitelist CVE-2005-4601 perlmagick

       ignores	it  only  as  far  as  the perlmagick is concerned.  (This is the same format that is produced by the --format simple option.)	To
       remove all whitelist entries for the CVE-2005-4601 vulnerability, use:

	      debsecan --remove-whitelist CVE-2005-4601

       If you want to remove an entry for a specific vulnerability/package pair, list the package name explicitly, as in:

	      debsecan --remove-whitelist CVE-2005-4601 imagemagick

       You can list multiple vulnerability and packages.  For example,

	      debsecan --add-whitelist CVE-2005-4601 
		 CVE-2006-0082 imagemagick perlmagick

       whitelists CVE-2005-4601 for all packages, and CVE-2006-0082 for the imagemagick and perlmagick packages only.

CAVEATS

       Much like the official Debian security advisories, debsecan's vulnerability tracking is mostly based on source packages.  This can be  con-
       fusing  because	tools  like  dpkg only display binary package names.  Therefore, debsecan displays the more familiar binary package names.
       This has the unfortunate effect that all binary packages (including packages containing only documentation, for	example)  are  flagged	as
       vulnerable, and not only those packages which actually contain the vulnerable code.

       If  the	correct  --suite option is specified, debsecan may mark some packages as obsolete.  This means that the binary package in question
       has been removed from the archive.  In this case, you need to update all the packages depending on the obsolete package,  and  subsequently
       remove the obsolete package.

       For  certain architectures, build daemons may lag considerably.	In such case, debsecan may incorrectly mark a package as fixed, even if an
       update is not yet available in the Debian archive.

       Note that debsecan version uses the --suite option only to determine the availability of corrected packages and to  detect  obsolete  pack-
       ages.   If  you specify the wrong suite, only the information on available security updates and obsolete packages is wrong, but the list of
       vulnerabilities is correct.

       Mixing packages from different Debian releases is supported, as long as the packages still carry their official version	numbers.   Unknown
       package	versions  (from backported packages, for example) are compared to the version in Debian unstable only, which may lead to incorrect
       reports.

EXAMPLES

       This command prints all package names for which security fixes are available:

	      debsecan --suite suite --format packages --only-fixed

       If you pass this output to apt-get, you can download new packages which contain security fixes.	For example, if you are running sid:

	      apt-get install 
		 $(debsecan --suite sid --format packages --only-fixed)

       The following command can be invoked periodically, to get notifications of new security issues:

	      debsecan --suite suite --format report 
		 --update-history --mailto root

       See debsecan-create-cron(8) for a tool which creates a suitable cron entry.

ENVIRONMENT

       http_proxy
	      This environment variable instructs debsecan to use a proxy server to fetch  the	vulnerability  data.   It  must  be  of  the  form
	      http://proxy.example.net:8080/ (mimicking a URL).

FILES

       /etc/default/debsecan
	      Built-in location of the configuration file.

       /var/lib/dpkg/status
	      File from which the package information is fetched by default.

AUTHOR

       debsecan was written by Florian Weimer.

SEE ALSO

       dpkg(1), debsecan-create-cron(8), apt-get(8)

								    2005-12-23							       DEBSECAN(1)
All times are GMT -4. The time now is 10:43 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy