Imagine you lived in a luxury high-rise apartment. Chances are, you’d have things inside that home that are valuable to you (computers, TVs, jewelry, and the like)—not to mention your pets and family. Thankfully, your home is protected by an experienced doorman who never lets anyone in who doesn’t have your permission.
Sounds secure—as long as an intruder couldn’t bypass the permission process. Unfortunately that’s exactly what’s happening with the Linux Dirty COW vulnerability. And to make matters worse, this risk has been present for more than nine years—so if you’re using any recent version of Linux or Android, you need to act now.
What We Mean by Dirty COW
Linux uses a Change on Write (or COW) approach to reduce unneeded duplication of memory objects. This works in conjunction with Linux’s Discretionary Access Controls to decide which users get read-only privileges or read-write privileges. However, this permissions framework can be bypassed if a cyber attacker manipulates the COW mechanism to alter read-only memory objects on the system.
While this requires a payload to be installed and executed on the server, this COW exploit allows the attacker to modify and replace a secure command restricted to non-privileged users with a command that could provide root access to the entire system. Because the COW element is what’s been compromised, this attack is known as a Dirty COW. This vulnerability affects anyone using a version of Linux or Android released in the last decade—which includes millions of web servers.
Now for the good news: there is a fix available. This patch will likely require a full reboot of your system (unless you have a special live-patch solution in place), so it’s crucial your IT team has a plan in place based on security and continuity best practices. However (and this is a big however), this vulnerability represents a major wake-up call for any organization that depends on interconnected web based systems—it’s time to get serious about your security if you want your business to survive.
Get Serious about Web Security
As web systems become more complex and interconnected, it’s always safe to assume that new vulnerabilities will emerge. What’s noteworthy in this case is the Dirty COW vulnerability is baked into the Linux system as opposed to being a completely external attack. This suggests application developers should no longer trust the integrity of a host server or kernel; instead, they should work to develop applications that protect themselves from attacks on the kernel.
This makes it even more important to know that your web developers and hosting team are experts in IT security. You need a comprehensive security strategy that keeps attackers as far away as possible from executing arbitrary code on your systems. Before any attackers get close, they should have to first defeat your network firewalls, your intrusion prevention systems, your web filters, and the RBAC protections around your daemons.
In short, it’s time for you to get serious about web security. If you’d like advice from our security experts, feel free to reach out to us on our contact page.
