SCIENTIFIC-LINUX-USERS Archives

October 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Nico Kadel-Garcia <[log in to unmask]>
Reply To:
Nico Kadel-Garcia <[log in to unmask]>
Date:
Sun, 23 Oct 2016 11:16:51 -0400
On Sun, Oct 23, 2016 at 9:38 AM, ~Stack~ <[log in to unmask]> wrote:
> On 10/22/2016 02:52 PM, Denice wrote:
>> As well, the importance of this vulnerability hinges on user access;
>> in SANS newsbites yesterday, one of the editors made this remark
>> about this kernel vulnerability (branded by the person(s) who raised
>> the issue: "Dirty Cow"):
>>
>>    This is a privilege escalation vulnerability that was introduced in Linux
>>    about 11 years ago. An exploit has been used in some attacks to take
>>    advantage of this vulnerability, but the exploit has not been made
>>    public yet. Systems based on RedHat ES 5 and 6, which are vulnerable,
>>    appear to be not susceptible to the exploit as this particular exploit
>>    requires write access to /proc/self/mem. Given that this exploit
>>    requires user access, and the actual exploit is only in limited
>>    distribution (but this may change soon), "branding" this exploit is
>>    hyping a minor and common vulnerability and only serves to distract
>>    administrators from more important tasks. Deal with patches for this
>>    vulnerability like you would deal with any other kernel patch.
>>
>> https://www.sans.org/newsletters/newsbites/xviii/84
>
> Well said. Thank you for that link.

It's also a good reminder of why "defense in depth" matters.
Throughout my career, I've run into programmers and even admins who
say "we have a firewall!" as their approach to security, and leave
themselves wide open to various escalation attacks because they cannot
or will not pay attention to updates or lingering out-of-date software
issues.
