
Security Advisory & Maintenance - CVE-2016-5195 (Dirty COW)

Encoded is issuing a Security Advisory for CVE-2016-5195 (Dirty COW) and giving notice of the subsequent maintenance.

Description: 

A race condition has been found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. This is known as an escalation-of-privilege attack.

Risk: 

This issue affects the Linux kernel packages of distributions used by Encoded. The flaw requires an attacker to already have access to a local host, after which it can be used to escalate the privileges of the attacker's user account, giving them administrative/super-user access.

Currently, there is no unprivileged local user access available from the public Internet to any of Encoded's secure systems, and all access provided internally requires multiple factors of authentication for all local user accounts, including those with minimal privileges.

Encoded has performed a Risk Assessment and considers this flaw to be of Low Likelihood but potentially High Impact, with an overall Risk of Moderate.

Action:

Encoded will be patching all internal systems to ensure that they are protected against this flaw. 

Services Affected:

All of Encoded's systems running the Linux operating system will be patched and restarted.

Customer services will not be affected directly, but may have reduced redundancy during the maintenance period.

 

If you have any questions or comments regarding this notice, please do not hesitate to contact us by opening a Helpdesk ticket.

Posted by Adam Bromage-Hughes