C8072e51a670d5bd03c6852f6787e1b6cb51987c
By:
Johnnierock

Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html

October 24, 2016 997 views
Security CentOS

I received a Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html pertaining to a race condition that was found in the way the Linux kernel's memory subsystem
handled the copy-on-write. Although this is a local user exploit it draws up the question, what is the turn-a-round time Digital Ocean will provide a kernel available to us when these exploit notifications are released?

Log In to Comment
1 Answer
xMudrii October 24, 2016

As far as I know, you are able to upgrade kernel to newer one which have it fixed. Even on DigitalOcean.

On day COW was disclosured, DigitalOcean published tutorial with steps needed to protect your Droplet. You can read it in How To Protect Your Server Against the Dirty COW Linux Vulnerability. It have steps for both Ubuntu/Debian and CentOS.

I hope you meant on this, sorry if I misunderstood the question

How To Protect Your Server Against the Dirty COW Linux Vulnerability
On October 21, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. This tutorial explains how to protect your server from this vulnerability.
Reply
  • Johnnierock October 31, 2016

    Yes I have tried this but cannot get a branded kernel to work with IP tables on your platform. When will Digital Ocean have a kernel available for Centos 7 to rectify this?

    • xMudrii October 31, 2016

      DigitalOcean let's you manage kernel how you want. You should be to install any version you want.

      Keep in mind that if your Droplet is older you need to update to internally managed kernel and then use method in above article to update.
      Learn more about it in tutorial.

      For problems with iptables, or for any further instructions feel free to ask here or contact support.

      How To Update a DigitalOcean Server's Kernel
      Updating the kernel on your DigitalOcean Droplet is a straight forward process that differs slightly based on the Droplet's operating system. In this guide, we'll walk you through the process of updating your kernels for DigitalOcean Droplets.
Have another answer? Share your knowledge.

Related Questions