On 21st October 2016, a new vulnerability named Dirty COW (CVE-2016-5195) which means Dirty copy-on-write is released. It is a computer security vulnerability for the Linux kernels that affects all Linux-based operating systems Debian, RHEL including Android. It is a local privilege escalation vulnerability that exploits race condition in the implementation of the copy-on-write mechanism. The bug has been lurking in the Linux kernel since version 2.6.22 (released in September 2007), and has been actively exploited at least since October 2016. The severity level of this vulnerability is critical that means it is hightly recommended to all of the linux users to update their kernel, with the help of this vulnerability remote attackers can use it in conjunction with other exploits that allow remote execution of non-privileged code to achieve remote root access on a computer and this attack leaves no traces in the system log.
Now lets talk about how they can affect E-commerce Websites ?
Almost 90% of E-commerce stores are running on either LAMP (Apache) or LEMP (NGINX), which make them vulnerable to Dirty COW because all of them are powered by Linux Kernels, even most of the E-commerce frameworks like Magento are giving notification in their admin panel regarding the same.
Now lets talk about how can we upgrade our linux kernel to get a patch regarding the same vulnerability but here is the catch, you have to reboot your server in response to complete the upgrade on your kernel but if you don’t want any downtime and maintain the high availability of your e-commerce while patching the vulnerability on your E-commerce store then CONTACT US
|
1 2 3 4 |
For UBUNTU and DEBIAN based Servers or Systems sudo apt-get update && sudo apt-get dist-upgrade sudo reboot |
|
1 2 3 4 |
For CentOS based Servers or Systems sudo yum update kernel sudo reboot |