Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel.
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.
- An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system and gain root access instantly.
- This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.
It’s highly recommended to patch the system kernel in all Debian, Ubuntu, CentOS and RHEL distros to prevent system breakage.
Are you running a vulnerable version?
If you are not a customer subscribed under our Server Management plan and would like to have this vulnerability patched please purchase a 1x Hour of Support plan.
Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!
A new SSHD rootkit has been circulating for the past few days; it appears to affect mostly RHEL/CentOS servers.
Servers with cPanel, Plesk, VirtualMin and DirectAdmin are affected as well.
During a security audit of one of the hacked servers, we found that the rootkit deposits files in /lib64 and /lib; the main file name is libkeyutils.so.1.9.
It changes the /lib64/libkeyutils.so.1 symlink to point to that library.
We believe this library is capable of stealing passwords, SSH keys and /etc/shadow files from the server. It is also used as a backdoor to gain access to the server through a different port; the rootkit also modifies all the authentication mechanisms of the server, preventing any login or command history from being logged through this backdoor.
The intruder has full root access, which means there is an exploit along with this rootkit capable of root privilege escalation.
You can see if your server is infected by running the following script:
# wget -qq -O - http://www.serverbuddies.com/files/libkeyutilscheck.sh | sh
We highly encourage our customers to submit a 1x Hour of Support request if the script shows your server as compromised.
Don’t hesitate to contact our Support Team for any inquiry you may have!
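A minimal local check for the two indicators described above (a libkeyutils.so.1.9 file in /lib or /lib64, and a libkeyutils.so.1 symlink pointing at it), added here as an example; it is not the libkeyutilscheck.sh script referenced above. The function name and the optional root-directory argument (useful for scanning a mounted disk image) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks only the indicators named in the write-up above.
# check_libkeyutils [ROOT]
#   ROOT is an optional prefix (hypothetical parameter), e.g. the mount
#   point of a disk image; with no argument the live /lib and /lib64
#   directories are inspected.
# Prints one "FOUND:" line per indicator; returns 1 if any was found,
# 0 if none.
check_libkeyutils() {
    root="${1:-}"
    found=0
    for dir in lib lib64; do
        suspect="$root/$dir/libkeyutils.so.1.9"
        link="$root/$dir/libkeyutils.so.1"

        # Indicator 1: the library file name reported for the rootkit.
        if [ -e "$suspect" ] || [ -L "$suspect" ]; then
            echo "FOUND: $suspect exists"
            found=1
        fi

        # Indicator 2: the libkeyutils.so.1 symlink redirected to it.
        if [ -L "$link" ]; then
            target=$(readlink "$link")
            case "$target" in
                *libkeyutils.so.1.9)
                    echo "FOUND: $link -> $target"
                    found=1
                    ;;
            esac
        fi
    done
    return "$found"
}

# Usage on a live system:      check_libkeyutils
# Usage on a mounted image:    check_libkeyutils /mnt/image
```

A hit is an indicator to confirm rather than proof of compromise: on RPM-based systems, `rpm -qf` on the reported file shows whether any installed package owns it.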
Will a manually updated MySQL work with cPanel & WHM?
Yes, but you will need to disable MySQL updates on the Update Preferences screen:
1. Go to Main >> Server Configuration >> Update Preferences.
2. Under cPanel Package Updates >> mysqld, click Never.
3. Click Save at the bottom of the page.
There may be compatibility problems with any software you choose to install manually.
cPanel only supports the MySQL versions that it supplies with cPanel & WHM.
Installing Softaculous in DirectAdmin
Note: Before starting the installation make sure ionCube Loaders are enabled. Otherwise you will not be able to Install Softaculous. The ionCube Loaders can be downloaded at the ionCube Downloads
Now SSH to your server and enter following commands:
wget -N http://www.softaculous.com/da/install_softaculous.php
chmod 755 install_softaculous.php
The installer will show the installation progress and indicate when it is done. NOTE: Scripts will be downloaded during this process. The download activity will also be shown on the screen.
Recompile PHP in DirectAdmin
If you run into problems after adding custom modules to Apache for customapache, you may need to recompile PHP as well:
Then restart Apache:
/sbin/service httpd restart
And for FreeBSD:
Source : http://directadmin.com