cancel
Showing results for 
Search instead for 
Did you mean: 

Dirty COW linux OS Vulnerability

Dirty COW linux OS Vulnerability

My magento admin panel displaying a message "Dirty COW Linux OS Vulnerability"

How to solve it.

 

 

thanks in advance

4 REPLIES

Re: Dirty COW linux OS Vulnerability

Hi @praveensh

 

You have to upgrade your Linux kernel to fix the issue. Please read this article CVE-2016-5195 (Dirty COW) Vulnerability on community forums by JLHC.

 

You may read the following article also to find out whether your Linux version is affected by it or not How to make sure that my operating system is not affected by CVE-2016-5195 (Dirty COW)?

 

If you do not have experience of handling all these upgrades. Please contact your hosting provider.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Dirty COW linux OS Vulnerability

Hi @muk_t

 

How about KernelCare?

I think magento should check if kcarectl is present in system and check kcarectl --uname...

is the any way to disable this backend notification in magento?

 

[root@server ~]# uname -r
2.6.32-573.12.1.el6.x86_64
[root@server ~]# kcarectl --uname
2.6.32-642.6.2.el6.x86_64

[root@server ~]$ bash rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-573.12.1.el6.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661

 

I've replaced 

running_kernel=$( uname -r)

to

running_kernel=$( kcarectl --uname )

in

https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

[root@server ~]$ bash rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-642.6.2.el6.x86_64 which is NOT vulnerable.

 

Re: Dirty COW linux OS Vulnerability

Hi @cyb3rua

 

I don't have knowledge about the KernelCare. 

I think @JLHC should be able to answer this question for you.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Dirty COW linux OS Vulnerability

@cyb3rua: KernelCare patched the vulnerability quite a while ago and there's nothing that you will need to do if you run KernelCare (not even reboot is required). 

 

Magento doesn't check if your server is vulnerable. The notification is just that, a courtesy notification to let you know of serious security vulnerabilities that can affect your Magento store. 

James Lee | Moderator • Magento Master
See My Recommended Magento Hosting & Security Tips