严重的“脏奶牛”（Dirty COW）漏洞导致数百万Linux用户容易受到攻击

lyhabc

安全专家Phil Oester在Linux内核中发现一个严重的安全漏洞，这个漏洞已经存在九年之久，他建议用户尽快找到并安装修补程序。Dirty COW是一个特权升级漏洞，可以在每个Linux发行版中找到。Dirty COW被描述为Phil Oester在Linux中发现的最严重的漏洞之一，漏洞分配代码编号是CVE-2016-5195，有证据表明该漏洞已被利用，安全人员建议用户应该尽快修补漏洞。

虽然目前该漏洞已经修补，但重要的是Linux用户是否已经知晓这个漏洞，并且安装了修补程序。目前，世界各地许多Web服务器已经采用Linux操作系统，因此，这个潜伏长达9年的安全漏洞潜在影响是巨大的。这个漏洞的特别之处在于，防病毒和安全软件无法检测，一旦被利用，用户根本无从知晓。

红帽官网表示，Dirty COW漏洞利用Linux内核的内存子系统处理和只读存储器映射写入时复制COW的竞争条件，黑客可以使用这个缺陷来获得对其它只读存储器映射的写入访问，从而增加它们在系统上的特权。

奶牛cow=cow写入时复制copy on write

action08

New Debian Linux Kernel Update Addresses "Dirty COW" Bug, Three Security Issues
http://www.tuicool.com/articles/YrQfaan


On October 19, 2016, Debian developer Salvatore Bonaccorso announced the availability of a new, important kernel update for the stable Debian GNU/Linux 8 "Jessie" series of operating systems.

The update promises to patch a total of four Linux kernel security vulnerabilities documented as CVE-2015-8956 , CVE-2016-7042 , CVE-2016-7425 , and CVE-2016-5195 , which some of you know as the ancient "Dirty COW" bug that could have allowed a local attacker to run programs with system administrator (root) privileges.

"Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks," reads Debian Security Advisory DSA-3696-1 . "Additionally this update fixes a regression introduced in DSA-3616-1 causing iptables performance issues (cf. Debian Bug #831014)."
"Debian Jessie users urged to update their systems immediately"

Apart from fixing the "Dirty COW" bug, the new Debian kernel patch also addresses an issue discovered in Linux kernel's RFCOMM Bluetooth socket handling, which could have allowed an attacker to cause a denial of service (system crash) or access sensitive information.

Additionally, the kernel update patches an incorrect buffer allocation issue discovered by Ondrej Kozina in Linux kernel's proc_keys_show() function, which allowed a local attacker to cause a denial of service (system crash), and a buffer overflow in Linux kernel's arcmsr SCSI driver, which allowed a local attacker to cause a denial of service or execute arbitrary code. The issue was discovered by Marco Grassi.

Debian Projects urged all users of the Debian GNU/Linux 8 "Jessie" operating system to update the kernel packages as soon as possible to version 3.16.36-1+deb8u2 , which is now available in the stable repositories. For more information on this update, we recommend checking the CVEs above or visit https://www.debian.org/security/ .

action08

我大便用户20号就修复漏洞了，你新闻27号才发布，难怪我找不到最新的补丁