How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Support for security such as Firewalls and securing linux
helloworId
Posts: 2
Joined: 2016/10/22 13:42:02

How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by helloworId » 2016/10/22 13:59:46

Hi Team:

I am using centos6.8,the kernel version is 2.6.32-358.6.2.el6.x86_64.
I have test by the POC(https://github.com/dirtycow/dirtycow.gi ... /pokemon.c),it effect my linux:(
But i have not find an easy way to protect my linux in this weekend(i want to upgrade kernel in next week)
any help?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by TrevorH » 2016/10/22 15:26:30

The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.

If you're running 2.6.32-358.6.2.el6.x86_64. now then you are already massively backlevel and you have other security vulnerabilities to worry about. That's a 6.5 kernel and that's now nearly 3 years old. You should run yum update to get to the latest 6.8 plus whatever has been released in the last 4 months or so.

Redhat have a status page that you can use to track this issue. There is a link to the bugzilla entry for it too. https://access.redhat.com/security/cve/CVE-2016-5195
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

helloworId
Posts: 2
Joined: 2016/10/22 13:42:02

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by helloworId » 2016/10/24 11:28:32

TrevorH wrote:The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.

If you're running 2.6.32-358.6.2.el6.x86_64. now then you are already massively backlevel and you have other security vulnerabilities to worry about. That's a 6.5 kernel and that's now nearly 3 years old. You should run yum update to get to the latest 6.8 plus whatever has been released in the last 4 months or so.

Redhat have a status page that you can use to track this issue. There is a link to the bugzilla entry for it too. https://access.redhat.com/security/cve/CVE-2016-5195
thank you so much, i have run yum update to upgrade my kernel,but it tell me this is the newest version:( can you help?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by TrevorH » 2016/10/24 11:52:35

The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mkosmoski
Posts: 1
Joined: 2016/10/24 14:59:57

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by mkosmoski » 2016/10/24 15:16:59

Looks like updates have been released for RHEL7: https://rhn.redhat.com/errata/RHSA-2016-2098.html

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by avij » 2016/10/24 15:23:00

mkosmoski wrote:Looks like updates have been released for RHEL7: https://rhn.redhat.com/errata/RHSA-2016-2098.html
Yes, and the update is currently being processed in the CentOS buildsystem. It may take a few hours before all the steps get done and the update reaches the mirrors. Note that this fixes only the CentOS 7 kernel, kernel updates to 5 and 6 haven't been released yet by Red Hat.

matthes134
Posts: 6
Joined: 2015/01/29 16:23:26

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by matthes134 » 2016/10/25 11:01:50

what issues do you run into by forcing the upgrade of your kernel from 2.6.32.643 to 3.10

i have tested this on a vm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-6- ... noarch.rpm

Install the kernel

yum --enablerepo=elrepo-kernel install kernel-lt

Seems to work when i rebooted and ran commands?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by TrevorH » 2016/10/25 13:28:28

The ELRepo kernels are advertised as "not for production use, use at your own risk" but that's probably just legalese. However they also have disadvantages - for example they do not adhere to the stable kernel ABI that the distro kernels use so it's not possible to also use the ELRepo kmod packages for hardware that is not supported.

I would not expect the el6 distro kernels to be a very long time before they arrive but I suspect that the patch for the older kernels is tricky to apply as that area of code is quite a lot different.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by TrevorH » 2016/10/25 18:51:22

The SRPM for kernel-2.6.32-642.6.2.el6 just appeared on the upstream ftp site. It'll need to be rebuilt for CentOS 6.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

kilian
Posts: 14
Joined: 2015/05/27 01:05:56

Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?

Post by kilian » 2016/10/26 15:23:13

Will the CentOS 6.7 kernel get the fix?
RHEL released kernel-2.6.32-573.35.2: https://rhn.redhat.com/errata/RHSA-2016-2106.html

Post Reply