• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
    • Managed Service Providers
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Certification
    • MARS-E Assessment
    • PCI SSF
    • P2PE Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Blog
    • Tools
    • Become a Partner
  • Contact Us
  • English

Dirty COW Vulnerability Advisory

You are here: Home / Newsletters / Dirty COW Vulnerability Advisory
ControlCase No Tag LOGO md

Dirty COW Vulnerability Advisory

This is a security advisory on the Dirty COW Vulnerability.

What is Dirty COW Vulnerability?

Dirty COW is a privilege escalation vulnerability in the Linux Kernel. The Dirty COW vulnerability allows attackers to gain root access to servers and take control over the whole system and therefore considered as critical vulnerability.

The security hole was detected by researcher Phil Oester, who found out a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakages of private read-only memory mappings. The bug has existed since around 2.6.22 (released in 2007) and was fixed on Oct 18, 2016. Dirty Cow is referenced by CVE-2016-5195.

Dirty Cow is a class of vulnerability known as a “privilege escalation bug”, which means that it allows an attacker which has already gained some measure of control over a specific computer to leverage that into total control.

Who is Vulnerable?

The issue most probably affects number of Linux based machines.

According to the reports, the following Linux distro versions are vulnerable (please note that this is not a complete list but rather a list of the most popular Linux distros):

  1. Red Hat Enterprise Linux 7.x
  2. Red Hat Enterprise Linux 6.x
  3. Red Hat Enterprise Linux 5.x
  4. CentOS Linux 7.x
  5. CentOS Linux 6.x
  6. CentOS Linux 5.x
  7. Debian Linux wheezy
  8. Debian Linux jessie
  9. Debian Linux stretch
  10. Debian Linux sid
  11. Ubuntu Linux precise (LTS 12.04)
  12. Ubuntu Linux trusty
  13. Ubuntu Linux xenial (LTS 16.04)
  14. Ubuntu Linux yakkety
  15. Ubuntu Linux vivid/ubuntu-core
  16. SUSE Linux Enterprise 11 and 12.
  17. Openwrt
  18. Android

How to check if server is vulnerable

Ubuntu/Debian systems.

To find out if your server is affected, check your kernel version.

uname -rv

You’ll see output like this:

Output:
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is earlier than the following, you are affected:

  1. 4.8.0-26.28 for Ubuntu 16.10
  2. 4.4.0-45.66 for Ubuntu 16.04 LTS
  3. 3.13.0-100.147 for Ubuntu 14.04 LTS
  4. 3.2.0-113.155 for Ubuntu 12.04 LTS
  5. 3.16.36-1+deb8u2 for Debian 8
  6. 3.2.82-1 for Debian 7
  7. 4.7.8-1 for Debian unstable

CentOS

Some versions of CentOS can use this script provided by RedHat for RHEL to test your server’s vulnerability. To try it, first download the script.

wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh

Then run it with bash.

bash rh-cve-2016-5195_1.sh

If you’re vulnerable, you’ll see output like this:

OutputYour kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.

Red Hat recommends that you update your kernel. Alternatively, you can apply partial mitigation described at https://access.redhat.com/security/vulnerabilities/2706661

How ControlCase CaaS Customers can request a test for Dirty COW Vulnerability?

ControlCase Compliance as a Service (CaaS) customers can request “Dirty COW Vulnerability Scan” by using following steps:

    1. Login to IT GRC portal
    2. Click “External PT Scan Form” link on the dashboard

cd2ddc5b-5898-4311-9f66-d37603a72d51

    1. Fill the External Network Penetration Test form with all the details and mention “Dirty COW Vulnerability Scan” before filling public IP addresses against #6

a7ba9013-c757-4fa0-8f1b-2f8ee2b81d85

    1. You must provide credentials to do the authenticated scan.
    2. Once form is filled completely, click Notify button on top right corner.

737c1035-cb85-4c78-a695-131d6153e12b

Note: We will require credentials (other than root) to detect this flaw during scan.

This scan can also be performed for Internal Systems from the ControlCase Appliance.

How to fix

Ubuntu and Debian

On Ubuntu and Debian, upgrade your packages using apt-get.

sudo apt-get update && sudo apt-get dist-upgrade

You can update all of your packages on CentOS 6 and 7 with sudo yum update, but if you only want to update the kernel to address this bug, run:

sudo yum update kernel

References and Useful Links

https://dirtycow.ninja/
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://www.siteground.com/blog/dirty-cow-vulnerability/
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-dirty-cow-linux-vulnerability

About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC1, SOC2, SOC3, HIPAA/HITRUSTâ„¢, ISO 27001/2, SSAE16, PIPEDA, FERC/NERC, Sarbanes Oxley (SOX), GLBA, CoBIT, BITS FISAP and EI3PA.

https://www.controlcase.com


  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
3975 FAIR RIDGE DR STE T25S-D
FAIRFAX, VA 22033

Send us a message

Call Us

Search

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific, Australia and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • PCI SSF
  • P2PE Certification
  • SOC2 Report

© ControlCase LLC 2025 | Privacy Policy | Impartiality Statement | Legal Notices

  • English
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}