The Linux operating system is open source, which means that anyone can access the source code or make changes to it. A large number of applications are based on this operating system, and even Android mobile devices are based on it.
Because it is open source, the system is even more vulnerable to attackers as well as security bugs.
Recently, a nine-year-old bug in the Linux kernel called Dirty COW was reported. The official name given to this bug is CVE-2016-5195. With this vulnerability, a local user or an attacker can gain root access to the server and therefore take total control of the entire system.
The privilege escalation vulnerability is called Dirty COW because a researcher found a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakages of private read-only memory mappings. Attackers can use this to gain write access to otherwise read-only mappings and in this way take control of whole systems.
Since this bug has been there for nine long years, it has affected thousands of Linux-based devices. The bug affected Ubuntu, Red Hat, CentOS, Debian and some other Linux distros. So, if your store is running on an old version of Linux, you need to upgrade it to the latest version immediately. The update requires a reboot of the system once you have received the security patches.
Use the following commands to update your Linux system:
Debian/Ubuntu:
$ sudo apt-get update && sudo apt-get dist-upgrade
RedHat:
$ sudo yum update
$ sudo reboot
After rebooting your Linux systems, you have to make sure that they are running the new, updated kernel.
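One way to make that post-reboot check, as an added example that is not part of the original article: it compares the running kernel release with the newest kernel image installed in /boot. It assumes images are named /boot/vmlinuz-<release> and that GNU `sort -V` orders the releases correctly, which holds for Debian/Ubuntu naming but not for every RPM release string; the function names and the `--check` switch are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the machine booted into the newest installed kernel.
# Assumption: kernel images are /boot/vmlinuz-<release> (Debian/Ubuntu naming).

# Print the newest kernel release found in DIR (default /boot), by version sort.
newest_installed_kernel() {
    dir=${1:-/boot}
    for img in "$dir"/vmlinuz-*; do
        [ -e "$img" ] || continue              # glob matched nothing
        rel=${img##*/vmlinuz-}                 # strip path and "vmlinuz-" prefix
        case $rel in *rescue*|*.old|*.bak) continue ;; esac   # skip backups
        printf '%s\n' "$rel"
    done | sort -V | tail -n 1
}

# kernel_status RUNNING [DIR]
# Prints one word and returns: 0 = current, 1 = reboot pending, 2 = cannot tell.
kernel_status() {
    running=$1
    newest=$(newest_installed_kernel "${2:-/boot}")
    if [ -z "$newest" ]; then
        echo unknown; return 2                 # no kernel images found in DIR
    elif [ "$running" = "$newest" ]; then
        echo current; return 0
    else
        # Running release differs from the newest installed image:
        # the patched kernel is on disk but is not the one executing.
        echo reboot-pending; return 1
    fi
}

# Run against the live system only when asked: sh check_kernel.sh --check
if [ "${1:-}" = "--check" ]; then
    echo "running kernel : $(uname -r)"
    echo "newest in /boot: $(newest_installed_kernel /boot)"
    kernel_status "$(uname -r)" /boot
fi
```

A result of `current` only shows that the newest installed kernel is the one running; whether that package contains the CVE-2016-5195 fix still has to be confirmed against your distribution's security advisory.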
The Dirty COW bug has also affected Linux-based Android devices. On Android devices, this bug provides a new rooting technique. However, patches will be available for these systems soon as well.
Dirty COW can be a big problem for eCommerce store owners if their Magento® store is compromised, because the attacker will then be able to upload files to your server or hosting account.
If you run your store on a shared hosting server, you need to ask your hosting provider to implement the security patches to protect against this vulnerability.
Do you want to know more about the security patches for the Dirty COW bug or latest Magento® updates? Do you need help in installing the security patch for Dirty COW into your Magento® store? Then talk to our Magento® Security Experts about your issues and get a perfect resolution for your store.
It is quite surprising that this Dirty COW vulnerability has been in the Linux system for nine long years. But finally, there is a simple resolution for this issue. Thanks for sharing this important information!