KernelCare Blog - CloudLinux Blog - Page 6
KernelCare Blog

How to fix Dirty COW without rebooting servers

How to fix Dirty COW without rebooting servers

How to fix Dirty COW without rebooting servers
The Dirty Cow exploit (CVE-2016-5195) is said to be the “Most serious” Linux privilege-escalation bug, ever. Within a few days of its discovery, various Linux distributions have released patches to fix it, but to apply those, you need to reboot servers. You either need to suffer downtime you haven’t planned for, or wait for the next maintenanc...
Continue reading
  60601 Hits
  1 Comment
Nonprofits can now live patch kernels for free
Tags:

Nonprofits can now live patch kernels for free

Nonprofits can now live patch kernels for free
In light of the recent Dirty Cow exploit, said by experts to be the “Most serious” Linux privilege-escalation bug ever, we’ve decided to push forward our prior plans to offer KernelCare for free for nonprofit organizations so that they can protect themselves from critical vulnerabilities including the Dirty Cow CVE-2016-5195. KernelCare provides ti...
Continue reading
  3994 Hits
  0 Comments
Live patching for your custom kernel
Tags:

Live patching for your custom kernel

Live patching for your custom kernel
Do you want to use KernelCare for rebootless kernel updates? But what if you are running an unsupported distribution? What if your kernel is custom, self-compiled, special, or just old? Look no further than KernelCare. It provides Custom Kernel Patching so that you can benefit from live patching service for your kernel. The experts on our security ...
Continue reading
  2583 Hits
  0 Comments

KernelCare, Dirty Cow, systemtap and CentOS/RHEL/CL 5 - Important!!!

The systemtap scripts recommended by RedHat https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 and many other people as workaround against CVE-2016-5195 (a.k.a DirtyCow) might be ineffective against new variations of the attack like this one: https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c [correction Oct 22, 7:04am: this ...
Continue reading
  3854 Hits
  0 Comments
Dirty Cow vulnerability: the fix is here!
Tags:

Dirty Cow vulnerability: the fix is here!

Dirty Cow vulnerability: the fix is here!
A vulnerability has been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. KernelCare team is working on fixing of the so-called Dirty Cow issue. CVE-2016-5195 : a race condition in the memory management code can be used for local privilege escalation. Dirty Cow patch for KernelCare ETA:...
Continue reading
  12434 Hits
  0 Comments
Running InfiniBand hardware? Your servers might be vulnerable.

Running InfiniBand hardware? Your servers might be vulnerable.

Running InfiniBand hardware? Your servers might be vulnerable.
Recently a flaw was found in Linux kernel 2.6.32 that allows local users to escalate their privileges for servers with InfiniBand.    If your servers have InfiniBand and you are running CentOS/RedHat/CloudLinux 6, Virtuozzo/OpenVZ, Proxmox 2.x WITHOUT KernelCare, you are vulnerable. We recommend you update and reboot your kernels to resol...
Continue reading
  2317 Hits
  0 Comments
New vulnerability makes it easy to escape from the container

New vulnerability makes it easy to escape from the container

New vulnerability makes it easy to escape from the container
CVE-2016-4997 and CVE-2016-4998 were issued for a vulnerability that lets user inside container to escalate priveleges and escape the containment. The issue affects Virtuozzo, OpenVZ, LXC and Docker containers. If you are running KernelCare -- your servers are already patched, and safe. If you have yet to deploy KernelCare -- please, make sure...
Continue reading
  5208 Hits
  2 Comments
Hackers are using local DoS attack using CVE-2016-4581 against hosting provider

Hackers are using local DoS attack using CVE-2016-4581 against hosting provider

Hackers are using local DoS attack using CVE-2016-4581 against hosting provider
Distributions have yet to patch CVE-2016-4581 in CentOS/RHEL/CloudLinux 7 kernels. At the same time, the vulnerability is already known to be used in attacks against hosting providers to crash servers. We are working hard to release new CloudLinux 7 kernel that fixes this bug.  Yet, if you want to be protected now, the fix is already avai...
Continue reading
  4056 Hits
  0 Comments
How to reduce downtime of managed servers - Liquid Web knows
Tags:

How to reduce downtime of managed servers - Liquid Web knows

How to reduce downtime of managed servers - Liquid Web knows
Liquid Web rolls out KernelCare to 20K managed servers Liquid Web is one of the most well-respected companies in web hosting. Their 30,000+ customers rely on Liquid Web’s deep technical expertise and a variety of high-performance servers and hosting products. Rolling out KernelCare to 20,000 of their managed servers only attests to their commitment...
Continue reading
  4729 Hits
  1 Comment
Ubuntu LTS 16.04 includes livepatch - now what?
Tags:

Ubuntu LTS 16.04 includes livepatch - now what?

Ubuntu LTS 16.04 includes livepatch - now what?
Livepatch, a technology to apply patches to a running kernel, has been available for some time. Now Ubuntu LTS 16.04 became the first major Linux distribution to enable it in their kernel. We’ve been asked what this really means, and does it make KernelCare obsolete? The answer is: not at all. Yes, the technology to apply the patches is here (after...
Continue reading
  7457 Hits
  0 Comments