Vulnerability Announcement: Dirty COW (CVE-2016-5195)

Dirty COW, also known as  CVE-2016-5195 is a serious vulnerability that affects most Linux Systems.  It’s a silly name for what happens to be a serious problem.

CVE-2016-5195 describes a privilege escalation vulnerability in the Linux Kernel that can allow a local user (like a web hosting account) to gain root access to the server. This can make a bad problem worse – if a Magento store is compromised, it can lead to the attacker taking over the entire server.

The vulnerability is present in all major Linux distributions.  What’s worse, attacks have been observed ‘in the wild’, even before patches were made available.

JetRails Magento clients with eBoundHost are not affected.

Read more about Dirty Cow here:  https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability

Tom P October 25, 2016