CVE-2016-5195 - Dirty COW - Legacy Virtual Machine Platform


#1

You’ve no doubt heard of this problem already, thanks to the earlier posts on the topic here in these forums, and coverage online by people such as the BBC.

The security problem identified by CVE-2016-5195 (“Dirty Cow”) is an issue with the Linux kernel, allowing local users to over-write files that they should not have permission to modify. Allowing local users to overwrite root-owned files allows a trivial means for a local user to become root.

There are several exploits already published which show how easy this is.

We’ve now published updated kernels for our legacy virtual machine platform. You need to reboot your virtual machine to apply this update. As the kernels for our legacy platform are stored externally to your system you don’t need to take any further action.

If you’re unsure of the process, or you have any questions please do feel free to get in touch.