Dirty COW Linux Vulnerability

You may have seen this popup in your Magento admin in the last week. It’s probably worth giving it a quick run through to understand exactly what this is.

It’s the name given to a newly discovered vulnerability in virtually all versions of the Linux operating system. More accurately, it is referred to as CVE-2016-5195. It’s unfortunately not a new vulnerability but has existed for around 9 years. It’s just that now it’s been highlighted and made public.

It’s called Dirty COW because:

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

What it means is that, on an unpatched system, if a user can read a file they can also write to it, even though they might not have write permission to that or other files. This opens up a wide range of vulnerabilities.
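The guarantee that this race condition breaks can be seen in a small C program. This is an added example, not code from the original post or the advisory: it opens a file read-only, writes through a private (copy-on-write) mapping, and confirms the file on disk is untouched. It shows the intended behaviour only and does not test whether a kernel is vulnerable; the temp file name and contents are constructed for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if a write through a private mapping stays out of the read-only
 * file (the copy-on-write guarantee), 0 if the file changed, -1 on setup error.
 * The temp file name and contents are constructed for this example. */
int cow_keeps_file_intact(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";
    const char original[] = "read-only contents";
    char after[sizeof original] = {0};
    char *map = MAP_FAILED;
    int result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    chmod(path, 0444);               /* nobody has write permission */

    fd = open(path, O_RDONLY);       /* read access only */
    if (fd >= 0)
        map = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE, fd, 0);
    if (map != MAP_FAILED) {
        memcpy(map, "MODIFIED", 8);  /* kernel copies the page for this process */
        if (pread(fd, after, sizeof after, 0) == (ssize_t)sizeof after)
            result = memcmp(after, original, sizeof original) == 0 &&
                     memcmp(map, "MODIFIED", 8) == 0;
        munmap(map, sizeof original);
    }
    if (fd >= 0)
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("file unchanged after private write: %d\n", cow_keeps_file_intact());
    return 0;
}
```

The process sees its own modified copy in memory while the file keeps its original bytes; CVE-2016-5195 is a failure of exactly this separation.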

This is an issue to bring up with your hosting provider, as the Linux kernel should be updated. This is more important if you are on a shared environment, as it could give other users on that server access to your files and data.

This sort of issue highlights the importance of having dedicated environments, which is what we always recommend.

If you have any questions, get in touch on 01423 226555 or via our contact us page.
