Dirty Cow fix?
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Morten
  2. 21.10.2016
  3.  Subscribe via email
Kernel exploit
Rate this post:
  1. 21.10.2016 08:10:24
  2. # 1
Morten Accepted Answer
Posts: 115
Joined: 16.04.2014
0
Votes
Undo
Hello,

Is https://bugzilla.redhat.com/show_bug.cgi?id=1384344 patched?
More information also available here:
https://dirtycow.ninja/
  1. 21.10.2016 09:10:04
  2. # 2
Mike Tindor Accepted Answer
Posts: 35
Joined: 08.11.2013
0
Votes
Undo
\'m not too bright, but the \"mitigation\" I\'ve read about states that it disables ptrace.

I wonder if having \"kernel.user_ptrace = 0\" in /etc/sysctl.conf is enough to mitigate this on CL servers.

Mike

  1. 21.10.2016 10:10:30
  2. # 3
Stéphan Schamp Accepted Answer
Posts: 4
Joined: 31.07.2014
0
Votes
Undo
Can you tell us more about the impact?

I am using CageFS everywhere and all users are in LVE.

I am unable to reproduce the bug:


bash-4.1$ cat foo
this is not a test
bash-4.1$ ./dirtyc0w foo m00000000000000000
mmap cd95a000

madvise 0

procselfmem -100000000

bash-4.1$ cat foo
this is not a test
  1. 21.10.2016 12:10:59
  2. # 4
Richard Hordern Accepted Answer
Posts: 212
Joined: 19.03.2011
0
Votes
Undo
It doesn\'t affect Redhat 5 or Redhat 6 with default configuration, only Redhat 7, So I presume that it\'s the same for CloudLinux and that only version 7 is vulnerable.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.