Subject: | |
From: | |
Reply To: | |
Date: | Sun, 23 Oct 2016 11:16:51 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Sun, Oct 23, 2016 at 9:38 AM, ~Stack~ <[log in to unmask]> wrote:
> On 10/22/2016 02:52 PM, Denice wrote:
>> As well, the importance of this vulnerability hinges on user access;
>> in SANS newsbites yesterday, one of the editors made this remark
>> about this kernel vulnerablity (branded by the person(s) who raised
>> the issue: "Dirty Cow"):
>>
>> This is a privilege escalation vulnerability that was introduced in
>> Linux
>> about 11 years ago. An exploit has been used in some attacks to take
>> advantage of this vulnerability, but the exploit has not been made
>> public yet. Systems based on RedHat ES 5 and 6, which are vulnerable,
>> appear to be not susceptible to the exploit as this particular exploit
>> requires write access to /proc/self/mem. Given that this exploit
>> requires user access, and the actual exploit is only in limited
>> distribution (but this may change soon), "branding" this exploit is
>> hyping a minor and common vulnerability and only serves to distract
>> administrators from more important tasks. Deal with patches for this
>> vulnerability like you would deal with any other kernel patch.
>>
>> https://www.sans.org/newsletters/newsbites/xviii/84
>
> Well said. Thank you for that link.
It's also a good reminder of why "defense in depth" matters.
Throughout my career, I've run into programmers and even admins who
say "we have a firewall!" as their approach to security, and leave
themselves wide open to various escalation attacks because they cannot
or will not pay attention to updates or lingering out-of-date software
issues.
|
|
|