We have been receiving a lot of questions and concerns from EasyEngine users about Dirty Cow, which is why we thought it best to write this post.
Below is tweet showing concern raised by Vikram.
Any update on DirtyCow @easyengine ?
— Vikram 👨💻 (@vikramuk) October 29, 2016
What is Dirty Cow?
Dirty Cow is a Linux kernel vulnerability that can be exploited to elevate an unauthorized user’s system privileges. Without going too far into the specifics, an attacker can take advantage of a flaw in the copy-on-write (COW) mechanism in the Linux kernel to gain root access to a system.
Is EasyEngine affected?
EasyEngine is not affected by this vulnerability. This is because Dirty Cow affects the layer “beneath” EasyEngine, as shown in the diagram below.
As with most modern systems, the OS is not directly visible to a user, especially someone who doesn’t have access to your server. Any potential intruder will have to obtain direct access to your server to cause you any harm. In other words, Dirty Cow cannot be exploited remotely without the help of another security flaw.
What should I do?
Dirty Cow has caused a major splash in the technology world, with many news outlets picking up on the hype.
Regardless of how dangerous this exploit is, this should serve as a reminder of the importance security measures. We recommend that you take this opportunity to have a look at your security setup and tie up any loose ends.
Most major Linux distributions have already acknowledged and started work fixing this issue.
apt-get update && apt-get upgrade
As EasyEngine is not affected, there will be no update or patch release. That’s one less update to worry about 🙂
Feel free to start a conversation via the comments below or our social channels. Have a safe weekend!