How to make sure that my operating system is not affected by CVE-2016-5195 (Dirty COW)?

Question

I am running following version of Linux operating system.

Distributor ID: Debian
Description:    Debian GNU/Linux 7.2 (wheezy)
Release:        7.2
Codename:       wheezy

I am not sure whether this version is affected by CVE-2016-5195

Can some one help me out to clear my doubt?

Update : After running the command mentioned by AliCelebi I get following

3.2.28-cerberhost-0.6-modules-grsec

So perhaps this is on a VPS, with the OS installed by the VPS provider? Perhaps its time to call customer support. — infixed, Oct 25 '16 at 14:26
After apt-get update && apt-get upgrade && apt-get dist-upgrade, make sure to reboot the box — , Oct 25 '16 at 17:15
@StackOverflowed Windows doesn't have good fonts and does have BSOD, so even better is to use OS X aka macOS — Display Name, Oct 25 '16 at 18:44
@SargeBorsch \*cough\* who cares about BSOD? It's a privacy nightmare in the first place. — Samuel Shifterovich, Oct 25 '16 at 20:21
I think anyone who took my suggestion seriously... shouldn't have. — StackOverflowed, Oct 25 '16 at 22:03
@StackOverflowed Sadly, nuances of humor/sarcasm/etc don't convey themselves well when transcribed without additional cues that are normally non-verbal, and will inevitably be misconstrued given a broad-enough audience, especially when it's at all conceivable that a person somewhere in the world could make such a statement seriously. — mtraceur, Oct 26 '16 at 05:21

score 19 · Accepted Answer · edited Oct 25 '16 at 11:34

19

You can do uname -rv to find out your Linux kernel version. You will get an output similar to below:

4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016

If your version is earlier than the following, you are affected:

4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable

edited Oct 25 '16 at 11:34

Anders

64,406
24
178
215

answered Oct 25 '16 at 11:27

HadidAli

560
3
10

The command shows: 3.2.28-cerberhost-0.6-modules-grsec – Mukesh Oct 25 '16 at 11:32
It appears that your system is vulnerable to Dirty CoW. You can upgrade your Linux Kernel to stay protected against this vulnerability. – HadidAli Oct 25 '16 at 11:55

score 5 · Answer 2 · edited Oct 25 '16 at 18:42

According to security-tracker.debian, You need to run uname -a and verify your current kernel version .

wheezy  3.2.78-1                        vulnerable
wheezy (security)   3.2.82-1            fixed
jessie  3.16.36-1+deb8u1                vulnerable
jessie (security)   3.16.36-1+deb8u2    fixed
stretch, sid    4.7.8-1                 fixed

This vulnerability is patched under debian , by upgrading your system :

apt-get update
apt-get upgrade
apt-get dist-upgrade

Edit

How to make sure that my operating system is not affected by CVE-2016-5195?

You can try the following tutorial.

Download the exploit.

wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c

As root : Create the foo file:

su
echo this is not a test > foo

As user :

gcc -lpthread dirtyc0w.c -o dirtyc0w
gcc -pthread dirtyc0w.c -o dirtyc0w
./dirtyc0w foo m00000000000000000

Verify your file:

cat foo

On vulnerable machine you will get m00000000000000000 as output.

How to make sure that my operating system is not affected by CVE-2016-5195 (Dirty COW)?

2 Answers2