[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Exploit on Whonix?


#1

Is whonix affected? I see that debian 8 kernels previous to 3.16.36-1+deb8u2 for Debian 8 are exploitable.

Introduction

On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time — at least since 2007, with kernel version 2.6.22 — so the vast majority of servers are at risk.

Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. More information can be found on CVE-2016-5195 from Canonical, Red Hat, and Debian.

Fortunately, most major distributions have already released a fix. All of the base images on DigitalOcean have been updated to include the patched kernel versions, so future Droplets you create will not need to be updated. However, if you’re running an older server, you can follow this tutorial make sure you’re protected.

Check Vulnerability
Ubuntu/Debian

To find out if your server is affected, check your kernel version.

uname -rv
You’ll see output like this:

Output
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
If your version is earlier than the following, you are affected:

4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable


#2

Fixed. See:

https://security-tracker.debian.org/tracker/CVE-2016-5195


#3

Most Debian bugs apply to Whonix as well as per https://www.whonix.org/wiki/About#Based_on_Debian.

See also: