Security Alert! Dang That Dirty COW.

By now, you’ve probably heard of Dirty COW (CVE-2016-5195 [https://dirtycow.ninja]), the latest oddly named security vulnerability to be discovered. This one is particularly broad, as it affects all Linux systems, including SBOX appliances of all versions to date. Dirty COW also affects the Android operating system. We released a patch to fix the vulnerability and want to share some additional information about it.

The Dirty COW exploit allows a hacker to bypass normal file-system protections within the Linux kernel, write to restricted system files, and generally access resources as the root user. The simple (well, relatively simple) explanation is that it involves exploiting a kernel-level function called Copy-On-Write, or COW. Get it?
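Copy-on-write means that a write through a private mapping of a file lands in an in-memory copy and never reaches the file; Dirty COW is a race condition in the kernel's handling of that guarantee. The C program below is an added illustration of the guarantee holding, not SBOX code and not exploit code; the temporary file path and function name are constructed for the demo.

```c
/* Added illustration: the copy-on-write guarantee for private file mappings.
 * The temp-file path and all names here are constructed for the demo. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define CONTENT "original"

/* Returns 1 if the file on disk is unchanged after writing through a
 * MAP_PRIVATE mapping, 0 if it changed, -1 on a setup error. */
int private_write_leaves_file_intact(void)
{
    char path[] = "/tmp/cow-demo-XXXXXX";   /* constructed temp file */
    char disk[sizeof(CONTENT)] = {0};
    size_t len = strlen(CONTENT);
    char *map;
    int result = -1, view_changed;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, CONTENT, len) != (ssize_t)len)
        goto out;

    /* MAP_PRIVATE: the first write to a page makes the kernel copy it. */
    map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED)
        goto out;
    memcpy(map, "MODIFIED", len);           /* lands in the private copy */
    view_changed = memcmp(map, "MODIFIED", len) == 0;

    /* Re-read the backing file: it must still hold the original bytes. */
    if (pread(fd, disk, len, 0) == (ssize_t)len)
        result = view_changed && memcmp(disk, CONTENT, len) == 0;
    munmap(map, len);
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int ok = private_write_leaves_file_intact() == 1;
    printf("file intact after private write: %s\n", ok ? "yes" : "no");
    return !ok;
}
```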

This has rightfully been receiving a lot of attention since it was discovered a few weeks ago, due to the potential for exploitation. However, we should note that to date there have been no notable hacks attributed to this vulnerability.  With security being a core tenet and an unrelenting focus for us at SBOX, we take this, or any potential vulnerability, very seriously regardless of its origin.

Our team has accelerated the validation and certification of a patch to the SBOX platform contained in the v2.0.4 Upgrade Pack available at http://support.SBOXinc.com.

  • Customers already running v2.0 or greater can download and apply the upgrade pack directly.
  • Customers on v1.x should contact our support team for help in upgrading to v2 before applying the patch.

We strongly encourage all customers to apply this patch immediately to eliminate the vulnerability and maintain continuity of operations. If you have any questions, our support team is here to help at support@sboxinc.com or via phone at +1 (800) 549-7888.

Now that we got the important PSA out of the way, here’s a little more about the infamous bovine beast.

When was it discovered?

The vulnerability was only discovered in October 2016, but has existed since 2007.

What systems are affected?

This affects most, if not all, Linux systems, including Android phones, which use the Linux kernel. In the case of Red Hat, for example, it includes the 7.1 version released on 2016-10-26. Here are the full errata for Red Hat [https://access.redhat.com/security/cve/cve-2016-5195], Debian [https://security-tracker.debian.org/tracker/CVE-2016-5195], SUSE [https://www.suse.com/security/cve/CVE-2016-5195.html], and Ubuntu [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html].

What is the danger?

Simply put, it allows a hacker to gain full control of the system and potentially use that access to install malware, launch attacks, destroy or steal data, etc. However, an attacker must still find a way to deliver the exploit code to the system, which requires access and the ability to execute code on the system to begin with.

Can it be detected?  Can I tell if it has already been exploited?

The existence of the vulnerability cannot be detected by anti-virus or malware detection programs, but because it has existed since 2007, it is fair to assume most Linux systems are vulnerable. In addition, there is no direct way to tell if hackers have exploited the vulnerability.

What exactly do you need to do?

Download and install SBOX version 2.0.4, which includes several patches, among them the Dirty COW fix.