Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay, so you have likely heard about this if, like me, you use Linux daily in your college, professional or hobbyist life, but what the heck is it really?

To paraphrase from the initial disclosure docs:

The privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken that programs can set up a race condition to tamper with what should be a read-only, root-owned executable mapped into memory.

So what does all that actually mean? The bug is a race condition in the kernel's memory management, and it affects anything running a Linux kernel: your web-facing servers, your desktop and your Android phone alike. A race condition is a timing bug; whichever side gets to a shared piece of state first wins, and here an unprivileged process can arrange to win.

The mechanism being abused is copy-on-write (the COW in the name). Any user is allowed to map a root-owned file, say a setuid binary, into memory as a private, read-only mapping. If that process then tries to write to the mapping, the kernel is supposed to hand it a private copy of the affected page and land the write there, leaving the page cache and the file itself untouched. In the vulnerable kernels the process could race that copy step: by hammering the mapping with writes while discarding its private copy at just the right moment, it could get a write to land on the original, file-backed page instead. That page is now a dirty page of a root-owned file holding attacker-controlled bytes, hence "Dirty COW", and whatever reads or executes the file afterwards sees the tampered contents. That is a straight path from any local user, or any code that gets onto the box, to root.

The bug is tracked as CVE-2016-5195. It had been in the kernel since 2007 (2.6.22) and was fixed upstream in 4.8.3, 4.7.9 and 4.4.26 after its disclosure in October 2016; distribution kernels carry the fix as a backport, so check your vendor's advisory and package changelog rather than the version number alone. If you feel so inclined to read the much more technical details, start from that CVE.
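The first check a practitioner reaches for, as an added example that is not part of the original post: a small POSIX shell triage for CVE-2016-5195 that classifies a kernel release string against the upstream stable releases that shipped the fix (4.4.26, 4.7.9, 4.8.3, and mainline from 4.9 on) and then, on an RPM-based system, asks the installed kernel package's changelog whether the fix was backported. The function names are mine; the commands used (`uname -r`, `rpm -q --changelog kernel`) are the real ones. The caveat is the point: Fedora and RHEL backport fixes without bumping the upstream version, so the version-only verdict is a hint, and the changelog is what you trust.

```sh
#!/bin/sh
# Added example, not part of the original post: first-pass triage for
# CVE-2016-5195 from a kernel release string. The upstream stable releases
# that carry the fix are 4.4.26, 4.7.9 and 4.8.3 (mainline from 4.9 on).
# Distribution kernels backport fixes without changing the upstream version,
# so the version verdict is a hint; the package changelog is authoritative.

# Reduce a release string such as "4.4.9-300.fc23.x86_64" to "4 4 9".
kver_triple() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//' |
        awk -F. '{ printf "%d %d %d\n", $1, $2, $3 }'
}

# Exit 0 if version $1 >= version $2; anything after the patch level is ignored.
kver_ge() {
    set -- $(kver_triple "$1") $(kver_triple "$2")
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]
    else [ "$3" -ge "$6" ]
    fi
}

# Upstream-only verdict for a release string: fixed, vulnerable or unknown.
# "unknown" covers the 3.x and 4.1 long-term series, where what matters is
# whether the vendor backported the fix.
dirtycow_upstream_verdict() {
    v=$1
    set -- $(kver_triple "$v")
    case "$1.$2" in
        4.8) if kver_ge "$v" 4.8.3;  then echo fixed; else echo vulnerable; fi ;;
        4.7) if kver_ge "$v" 4.7.9;  then echo fixed; else echo vulnerable; fi ;;
        4.4) if kver_ge "$v" 4.4.26; then echo fixed; else echo vulnerable; fi ;;
        4.0|4.2|4.3|4.5|4.6) echo vulnerable ;;   # end-of-life upstream before the fix
        *) if [ "$1" -ge 5 ] || { [ "$1" -eq 4 ] && [ "$2" -ge 9 ]; }; then
               echo fixed
           else
               echo unknown
           fi ;;
    esac
}

# On Fedora/RHEL/CentOS the installed kernel package's changelog records
# backported CVE fixes; exit 0 if it mentions this one.
dirtycow_fix_in_rpm_changelog() {
    rpm -q --changelog kernel 2>/dev/null | grep -q 'CVE-2016-5195'
}

running=$(uname -r)
echo "kernel $running: upstream-version verdict is $(dirtycow_upstream_verdict "$running")"
if dirtycow_fix_in_rpm_changelog; then
    echo "kernel rpm changelog mentions CVE-2016-5195: fix is backported"
else
    echo "no CVE-2016-5195 entry in the kernel rpm changelog (or not an rpm system)"
fi
```

The 4.4.9-300 kernel these respins shipped with in May 2016 predates the disclosure by five months, so it comes back "vulnerable" from the version check; on a Fedora box the rpm changelog check is what tells you whether the kernel you booted today actually has the fix.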

LATE: F23-20160512 Lives & F24 Betas Available.

Back on May 12th, the team re-spun the Lives with the 4.4.9-300 kernel.

Also, back on the 10th, Fedora 24 officially entered its public Beta test phase.


Lives are available at the usual link:

http://www.tinyurl.com/live-respins

The Betas are available at the following links (depending on your spin):

https://torrents.fedoraproject.org

https://getfedora.org/en/prerelease

https://spins.fedoraproject.org/en/prerelease

https://labs.fedoraproject.org/en/prerelease

Just a few side notes on the Betas:

  • All download sites are localized (if you're in a non-English-speaking country, the /en/ will auto-detect and change to suit).
  • RPMFusion does not yet track Fedora 24 (they had some infrastructure and setup issues with Koji but plan to be solid no later than June 14th, the official GA release day).
  • Fedora 24 uses the updates-testing repo to carry updates during the Beta / Pre-Release phase, so ensure that your fedora-updates-testing.repo looks like the below:

[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=1    ***
gpgcheck=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[updates-testing-source]
name=Fedora $releasever - Test Updates Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

*** This needs to stay at enabled=1 through GA release day; dnf will auto-disable it when the time comes. If you wish to keep getting testing packages after that point, open the file in your text editor of choice, change enabled=0 back to enabled=1 and save.

  • There is an unofficial repo, similar to RPMFusion, that hosts pre-release builds of the RPMFusion codecs; you can add it with:

# dnf config-manager --add-repo=https://gitlab.com/FedoraUnited/repository/raw/master/unitedrpms.repo
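Whether you enable updates-testing early or pull in a third-party repo from a URL like the one above, the setting that actually protects you is gpgcheck=1 in every enabled stanza, together with a gpgkey you trust. As an added example that is not part of the original post, here is a small POSIX shell audit for a .repo file that reads each section's enabled and gpgcheck values (tolerating the "***" annotation used above) and flags any enabled section that does not verify signatures. The sample .repo file is constructed inline; the [thirdparty-example] stanza in it is hypothetical and does not describe any real repository.

```sh
#!/bin/sh
# Added example, not part of the original post: audit a dnf/yum .repo file
# so that no enabled section has gpgcheck disabled. Enabling a testing or
# third-party repository early is only as safe as the signature check on
# the packages it delivers. The sample file below is constructed here; the
# [thirdparty-example] section is hypothetical.

# Print the value of KEY ($3) inside [SECTION] ($2) of FILE ($1); empty if
# absent. Trailing blanks and a "***" annotation like the post's are dropped.
repo_value() {
    awk -v s="[$2]" -v k="$3" '
        $0 == s        { in_s = 1; next }
        /^\[/          { in_s = 0 }
        in_s && index($0, k "=") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t]+\**[ \t]*$/, "", v)
            print v; exit
        }' "$1"
}

# List the section names in FILE, one per line.
repo_sections() {
    sed -n 's/^\[\(.*\)\]$/\1/p' "$1"
}

# Exit 0 when every enabled section has gpgcheck=1; otherwise report the
# offending sections on stderr and exit 1.
repo_audit() {
    bad=0
    for s in $(repo_sections "$1"); do
        if [ "$(repo_value "$1" "$s" enabled)" = "1" ] &&
           [ "$(repo_value "$1" "$s" gpgcheck)" != "1" ]; then
            echo "WARN: [$s] is enabled without gpgcheck=1" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample .repo: the post's updates-testing stanza (abridged)
# plus a hypothetical third-party stanza that left gpgcheck at 0.
SAMPLE_REPO=$(mktemp)
trap 'rm -f "$SAMPLE_REPO"' EXIT
cat > "$SAMPLE_REPO" <<'EOF'
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=1    ***
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
enabled=0
gpgcheck=1

[thirdparty-example]
name=Hypothetical third-party repo
baseurl=https://repo.example.invalid/fedora/$releasever/$basearch/
enabled=1
gpgcheck=0
EOF

if repo_audit "$SAMPLE_REPO"; then
    echo "all enabled repos verify package signatures"
else
    echo "fix the sections above before running dnf against them"
fi
```

Run it against /etc/yum.repos.d/*.repo after adding any repo from a URL; an enabled stanza with gpgcheck=0, or gpgcheck=1 with no gpgkey you have checked, is the one to fix first.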

I've been a bit slammed lately but plan to have the usual checksums up by morning.

F23-20160428 Updated Lives Available NOW!! (4.4.8-300)

Hello again fellow Fedorians,

Last night, 4.4.8-300 was deemed stable and we have new updated lives f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160428.

%CHANGELOG

20160428 Kernel Fixes / Package Updates

Kernel Update info (bodhi)

  • 4.4.8-300
  • CVE-2016-3961 — xsa174 xen: hugetlbfs crashing guests (PV guests) rhbz #1323956
  • rhbz #1309980 skylake p_state won't boot
  • CVE-2016-3955 — kernel usbip: buffer overflow trusting the length field of USB/IP packets rhbz #1328479
  • rhbz #1309487 RTL8723BE chipset has weak signal

Package updates: 285 in total

Notable updates:

  • abrt including addons
  • avahi
  • bluez
  • cinnamon-devel
  • cinnamon-docs
  • cinnamon itself
  • eclipse
  • OCE

https://linuxmodder.fedorapeople.org/live-respins/updates.txt

Where to get them? F23 Live-Respins (ISOs) (updated to 20160428/4.4.8-300)

Want to torrent pull? F23 Live Respins (Torrents) (updated to 20160428/4.4.8-300)

Need Torrent Hashes ? F23-20160420 ISO Checksums & Torrent Hashes

New feature: rsyncd is now running for the respins; you can obtain them via this method at:

rsync://dl.fedoraproject.org/fedora-live-respins

Per request from a few folks I have PGP-signed the hash files and also kept the non-GPG-signed hash files (both match, for those who have voiced fears of a modified hash / MITM). The key used is my Fedora key: 0xD2264944, FP: 6292 9ABD 6374 6AA7 6D4B 730F 5927 6298 D226 4944

Want to run an installfest / have options for install? F23-20160428 Multi Boot ISO (x86_64 only). I can help you create a multi-arch one or host one elsewhere if desired; however, with the reduction in i686 installs in this day and age it's not something I will host normally. (Due to migration the MultiBoot will be delayed; the checksum is, however, available in its usual location.)
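A signed hash file only helps if you check the signature against the key that is supposed to have made it. gpg exits 0 for a valid signature from any key in your keyring, so a downloader has to pin the fingerprint published above as well. As an added example that is not part of the original post, the POSIX shell below parses gpg's machine-readable status output for the VALIDSIG line, compares the signing fingerprint with the one given in this post, and only then checks the ISO against the signed checksum list. The file names passed to the functions, and the sample status output at the bottom (constructed; its timestamps and validity fields are illustrative), are mine; gpg's `--status-fd` option and the VALIDSIG line format are real. The key itself must already have been imported from a source you trust, fetched by full fingerprint rather than the short ID.

```sh
#!/bin/sh
# Added example, not part of the original post: verify a PGP-signed checksum
# file against the fingerprint the post publishes, then check the ISO.
# gpg's exit status alone is not enough (any key in the keyring satisfies
# it), so the signing key is compared with the pinned fingerprint.

# Fingerprint given in the post for the respin signing key (0xD2264944).
EXPECTED_FPR="6292 9ABD 6374 6AA7 6D4B 730F 5927 6298 D226 4944"

# Normalise a fingerprint: drop spaces, upper-case the hex.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# Read gpg --status-fd output on stdin and print the fingerprint from the
# VALIDSIG line; print nothing if no valid signature was reported.
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }'
}

# Exit 0 only if $1 is the pinned fingerprint.
fpr_matches() {
    [ "$(norm_fpr "$1")" = "$(norm_fpr "$EXPECTED_FPR")" ]
}

# Verify the signed checksum file $1 (detached .asc or clearsigned) and
# insist that the signing key is the pinned one. Needs gpg and the key
# already imported from a trusted source.
verify_signed_checksums() {
    fpr=$(gpg --status-fd 1 --verify "$1" 2>/dev/null | validsig_fpr)
    if [ -z "$fpr" ]; then
        echo "no valid signature on $1" >&2
        return 1
    fi
    if ! fpr_matches "$fpr"; then
        echo "$1 was signed by $fpr, not the expected key" >&2
        return 1
    fi
}

# Check ISO $2 against its entry in the verified checksum file $1.
# sha256sum -c ignores the PGP armour lines of a clearsigned file.
verify_iso() {
    verify_signed_checksums "$1" || return 1
    grep -F "$2" "$1" | sha256sum -c -
}

# Constructed gpg status output, the shape validsig_fpr parses; the
# timestamps and key-validity fields are illustrative only.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 59276298D2264944 <uid>
[GNUPG:] VALIDSIG 62929ABD63746AA76D4B730F59276298D2264944 2016-04-28 1461801600 0 4 0 1 10 00 62929ABD63746AA76D4B730F59276298D2264944'

sample_fpr=$(printf '%s\n' "$SAMPLE_STATUS" | validsig_fpr)
if fpr_matches "$sample_fpr"; then
    echo "sample status: valid signature from the pinned key $sample_fpr"
else
    echo "sample status: signature missing or from another key"
fi
```

Usage against a real download is `verify_iso F23-20160428-CHECKSUMS.asc f23-x86_64-WORK-20160428.iso` (file names assumed); a GOODSIG from some other key in your keyring, or a BADSIG, makes verify_signed_checksums fail before the ISO is ever hashed.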

LATE POST: F23-20160408 Updated Lives Available (4.4.6-301 + Several bug fixes)

Hello again fellow Fedorians,

Last Friday, 4.4.6-301 was deemed stable and we have new updated lives f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160408.

%CHANGELOG

20160408 Kernel Fixes / Changelog

  • 4.4.6-301


Where to get them? F23 Live-Respins (updated to 20160408/4.4.6-301)

Want to torrent pull? F23 Live Respins (updated to 20160408/4.4.6-301)

Need Torrent Hashes? F23-20160408 ISO Checksums & Torrent Hashes

Want to run an installfest / have options for install? F23-20160408 Multi Boot ISO (x86_64 only). I can help you create a multi-arch one or host one elsewhere if desired; however, with the reduction in i686 installs in this day and age it's not something I will host normally.

Look out for posts | tutorials  | github repo creation / modifications for  this as well in the coming  week(s).

F23-20160324 Updated Lives Available (4.4.6-300 Kernel)

Hello again fellow Fedorians,

Last night 4.4.6-300 was deemed stable and today we have new updated lives f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160324.

%CHANGELOG

20160324 Updates Changelog

  • 4.4.6-300

Nearly 815 assorted updates, among them several large update suites for:

  • cinnamon
  • kde
  • playonlinux
  • wine
  • eclipse
  • evolution
  • git
  • glusterfs
  • libpurple
  • libcacard (smartcards)
  • libvirt
  • qemu/kvm
  • owncloud
  • php
  • python2/3 (various updates)
  • qtwebkit
  • xen

Where to get them? F23 Live-Respins (updated to 20160324/4.4.6-300)

Want to torrent pull? F23 Live Respins (updated to 20160324/4.4.6-300)

Need Torrent Hashes? F23-20160324 ISO Checksums & Torrent Hashes

Want to run an installfest / have options for install? F23-20160324 Multi Boot ISO (x86_64 only). I can help you create a multi-arch one or host one elsewhere if desired; however, with the reduction in i686 installs in this day and age it's not something I will host normally.

Look out for posts | tutorials  | github repo creation / modifications for  this as well in the coming  week(s).