Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw

25 Oct 2016


      On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon anthon@rth.dk wrote:
...
What is the best approach on centos 6 to mitigate the problem is
officially patched? As far as I can tell Centos 6 is vulnerable to attacks
using ptrace.
There is a mitigation described here
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
which doesn't fix the underlying problem, but at least protects against
known attack vectors. However, I'm unsure if the script only applies to
Centos 7, or if it also works on Centos 6?
Cheers, Christian
I have not been able to get this script to work on CentOS 6.8
I've installed kernel-debug, kernel-devel, kernel-debug-devel,
kernel-debug-debuginfo, kernel-debuginfo-common and I still get:
stap -g -p 4 dirtyc0w.stp
semantic error: while resolving probe point: identifier 'syscall' at
dirtyc0w.stp:5:7
        source: probe syscall.ptrace {
                      ^
semantic error: no match
Pass 2: analysis failed.  [man error::pass2]
Anybody have any success with this?
-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphelps@cfa.harvard.edu, http://www.cfa.harvard.edu


On 24-10-2016 18:29, Gilbert Sebenste wrote:
>
>> On Sat, 22 Oct 2016, Valeri Galtsev wrote:
>>
>> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote:
>>>
>>>> Dear All,
>>>>
>>>> I guess, we all have to urgently apply workaround, following, say, this:
>>>>
>>>> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtyco
>>>> w-centos-7rhel7cpanelcloudlinux/
>>>>
>>>> At least those of us who still have important multi user machines
>>>> running
>>>> Linux.
>>>>
>>>
>>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not
>>> vulnerable.
>>>
>>
>> Patch is out on RHEL side:
>>
>> https://rhn.redhat.com/errata/RHSA-2016-2098.html
>>
>> *******************************************************************************
>>
>> Gilbert Sebenste ********
>> (My opinions only!)
>> ******
>> *******************************************************************************
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw