On Sun, Oct 23, 2016 at 9:38 AM, ~Stack~ <i.am.st...@gmail.com> wrote: > On 10/22/2016 02:52 PM, Denice wrote: >> As well, the importance of this vulnerability hinges on user access; >> in SANS newsbites yesterday, one of the editors made this remark >> about this kernel vulnerablity (branded by the person(s) who raised >> the issue: "Dirty Cow"): >> >> This is a privilege escalation vulnerability that was introduced in >> Linux >> about 11 years ago. An exploit has been used in some attacks to take >> advantage of this vulnerability, but the exploit has not been made >> public yet. Systems based on RedHat ES 5 and 6, which are vulnerable, >> appear to be not susceptible to the exploit as this particular exploit >> requires write access to /proc/self/mem. Given that this exploit >> requires user access, and the actual exploit is only in limited >> distribution (but this may change soon), "branding" this exploit is >> hyping a minor and common vulnerability and only serves to distract >> administrators from more important tasks. Deal with patches for this >> vulnerability like you would deal with any other kernel patch. >> >> https://www.sans.org/newsletters/newsbites/xviii/84 > > Well said. Thank you for that link.
It's also a good reminder of why "defense in depth" matters. Throughout my career, I've run into programmers and even admins who say "we have a firewall!" as their approach to security, and leave themselves wide open to various escalation attacks because they cannot or will not pay attention to updates or lingering out-of-date software issues.