Skip to content
AtlanticBT Monogram Atlanticbt.com
Menu
November 10, 2016

Protect Your IT from a Dirty COW

capabilities covered
CISO as a Service

Imagine you lived in a luxury high-rise apartment. Chances are, you’d have things inside that home that are valuable to you (computers, TVs, jewelry, and the like)—not to mention your pets and family. Thankfully, your home is protected by an experienced doorman who never lets anyone in who doesn’t have your permission.

Sounds secure—as long as an intruder couldn’t bypass the permission process. Unfortunately that’s exactly what’s happening with the Linux Dirty COW vulnerability. And to make matters worse, this risk has been present for more than nine years—so if you’re using any recent version of Linux or Android, you need to act now.

What We Mean by Dirty COW

Linux uses a Change on Write (or COW) approach to reduce unneeded duplication of memory objects. This works in conjunction with Linux’s Discretionary Access Controls to decide which users get read-only privileges or read-write privileges. However, this permissions framework can be bypassed if a cyber attacker manipulates the COW mechanism to alter read-only memory objects on the system.

While this requires a payload to be installed and executed on the server, this COW exploit allows the attacker to modify and replace a secure command restricted to non-privileged users with a command that could provide root access to the entire system. Because the COW element is what’s been compromised, this attack is known as a Dirty COW. This vulnerability affects anyone using a version of Linux or Android released in the last decade—which includes millions of web servers.

Now for the good news: there is a fix available. This patch will likely require a full reboot of your system (unless you have a special live-patch solution in place), so it’s crucial your IT team has a plan in place based on security and continuity best practices. However (and this is a big however), this vulnerability represents a major wake-up call for any organization that depends on interconnected web based systems—it’s time to get serious about your security if you want your business to survive.

Get Serious about Web Security

As web systems become more complex and interconnected, it’s always safe to assume that new vulnerabilities will emerge. What’s noteworthy in this case is the Dirty COW vulnerability is baked into the Linux system as opposed to being a completely external attack. This suggests application developers should no longer trust the integrity of a host server or kernel; instead, they should work to develop applications that protect themselves from attacks on the kernel.

This makes it even more important to know that your web developers and hosting team are experts in IT security. You need a comprehensive security strategy that keeps attackers as far away as possible from executing arbitrary code on your systems. Before any attackers get close, they should have to first defeat your network firewalls, your intrusion prevention systems, your web filters, and the RBAC protections around your daemons.

In short, it’s time for you to get serious about web security. If you’d like advice from our security experts, feel free to reach out to us on our contact page.

capabilities covered
CISO as a Service

The Atlantic BT Manifesto

The Ultimate Guide To Planning A Complex Web Project

Partner With Us

Ready for modern web technology and a sharp, user-friendly design? We want to give you exactly that. Contact us to get started.

Contact

Insights

Atlantic BT's Insights

We’re sharing the latest concepts in tech, design, and software development. Learn more about our findings.

Questions & Answers

1 What is the best web development framework?
Many people commonly ask “what is a framework in web development?” Web development frameworks can easily be confused with web development tools, languages, or parts of the web development stack (like PHP, Ruby, or Javascript).
Learn More
1 What is the best programming language for web development?
If there was one “best” programming language, then everything else would be obsolete. The reality is that there are so many different programming languages because there is no “best” language for any situation.
Learn More
1 How much does web development cost?
Web development can vary from a few hundred to millions of dollars depending on what is needed. You may simply need some changes to something that already exists, or you'd like to build a large or complex application.
Learn More
1 What is front end vs. back end development?
As web development evolved, it separated into logical specialization: front end web development and back end development. While back end development involves the server-side development, front end is the final rendering.
Learn More
1 What is full stack web development?
Full stack web development as a term evolved due to the separation of roles between front end and back end developers. A “full stack” developer is a developer that can work in both front end and back end technologies.
Learn More
1 Are there differences in application architecture that are important for the cloud?
It is important to build applications and workloads specifically for the cloud. You will want to carefully consider what services the cloud provider of your choice has to offer and how your application leverages those services.
Learn More
1 Are there any drawbacks to cloud hosting?
Yes, there will always be some risks associated with any hosting option. You are relying on the resiliency and engineering of infrastructure that has scaled at an astounding rate.
Learn More