Dirty COW: What You Need to Know

A serious vulnerability in the Linux kernel has been identified. Here's what we're doing about it, and what you should do as well.

James calendar Oct 26, 2016 book News

Within the last week a serious Linux kernel vulnerability made the news, with another headline-worthy name: Dirty COW. The name comes from the fact that the issue relates to the kernel's handling of copy-on-write (COW) and affects kernels going back as far as 2007, so the impact range is substantial.

In a nutshell, the vulnerability allows a malicious user with unprivileged access to the server to obtain write access to any file that they can read and by doing so escalate their privileges above what they should normally have. There have been proof of concepts released for this bug meaning action needs to be taken quickly to ensure the security of systems affected. Thankfully the major distributions including Debian, Ubuntu and CentOS have released kernel updates for the bug already, making it a relatively simple process to update.

For our managed customers, we're in the process of deploying the updated kernels to your servers. Once this is done the server will need to be rebooted in order for the new kernel to be loaded, which we will be encouraging you to do as soon as possible. Due to the severity of the issue if your server hasn't been rebooted by Friday evening we will be rebooting it for you to ensure your safety. Normally we wouldn't be rebooting servers with such short notice, however this is somewhat of an extenuating circumstance.

For unmanaged customers, you will need to update your kernel manually and then reboot your system. Under Ubuntu or Debian, you can update with the following command:

sudo apt-get update && sudo apt-get dist-upgrade

For Red Hat or CentOS systems:

sudo yum update

Other distributions should have update instructions on their websites. Don't forget to reboot after the update so that the new kernel can load!

Security issues like this pop up from time to time and while this one is especially serious, fixing the issue is fairly straightforward and as such we'll be performing it as soon as possible. If you have any questions about any of this get in touch with our support team and we'll be happy to help.