Saturday, 22 October 2016

Dirty COW exploit and Automatic Security Updates

The announcement this week of the Dirty COW (CVE-2016-5195), a privilege escalation vulnerability in the Linux Kernel reminded me to check my Ubuntu systems to ensure I had Automatic Security Updates activated.

This ancient bug has came to light now as, there is code in the wild using the vuneralbility that makes patching the Kernel a necessity. Systems that use the Linux OS need patching. This includes Android devices.

My home server and workstation already had Automatic Security Updates activated but, my Kodi Media Center did not.

I first wanted to check if I had been patched
zgrep -ie "\(CVE-2016-2108\|CVE-2016-2107\)" /usr/share/doc/libssl1.0.0/changelog.Debian.gz

Should respond
Debian
* Fix CVE-2016-2107
* Fix CVE-2016-2108

Ubuntu
- debian/patches/CVE-2016-2107.patch: check that there are enough
- CVE-2016-2107
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
- CVE-2016-2108

If your Android device prompts you for a System Update, don't ignore it, run it.

Automatic Security Updates
To check if your Debian / Ubuntu system has Automatic Security Updates is installed, you can manually run it with verbose.
sudo apt-get update
sudo unattended-upgrades -v

If this gives an error then, it is not installed so execute
sudo dpkg-reconfigure --priority=low unattended-upgrades

Once installed, check that
cat /etc/apt/apt.conf.d/20auto-upgrades

This should result in
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

If not, edit the file and set APT::Periodic::Unattended-Upgrade to "1".

References:
https://dirtycow.ninja/
https://help.ubuntu.com/community/AutomaticSecurityUpdates