Patching for CVE-2016-5195 (Dirty Cow)


If you have not been following the news a new(ish) exploit is in town – Dirty Cow. This one is pretty bad in the sense it could allow (any) user root access to your precious systems with a simple exploit. The only reason I am telling you this is because many people out there will set up a Linux server of sorts and just leave it, unpatched and open for attack hoping to beat some uptime record.

Whilst it is true that Linux doesn’t require as many reboots as Windows it is still important to focus on the security of your hosts to protect you and others from something that could potentially go all botnet on you. This does however open up some doors to some devices that were once restricted, have SSH / Telnet access and unprivileged access to gain root however like my Cambium E400 access point I’ve been begging for root access on (and now have – in a way). But – if you’ve got servers out there ensure you do patch them… Checking for the exploit is rather simple and can be done with a few lines:

curl > dirtyc0w.c echo Testing > test chmod 0404 test gcc -pthread dirtyc0w.c -o dirtyc0w 
./dirtyc0w test moooo?

Now, if you’re vulnerable you’ll get the following output:

[email protected]:~$ cat test

However, if you’re not you’ll just wind up with “Testing” for the output.


Most Linux based operating systems have updates available via your package manager – essentially you’ll just need to update your Linux kernel to one that is not on the below list and reboot. A simple package update and reboot should cover it, repeat the test above if you want to be sure you’ve mitigated yourself. Take a look at this post by DigitalOcean for a good write-up.

Android is also affected – you’ll need to wait for a patch from your device manufacturer however this may be a good chance to gain root on your previously unrootable device?

So, patch thy systems.


Leave a Reply

Your email address will not be published. Required fields are marked *

17 + nineteen =