Highlighted
Enthusiast
Enthusiast

"Dirty COW" and VMware Products?

Hi,

I checked here AdvisoriesI did not see any insight in the latest Linux VUN dubbed "Dirty COW"

So I am posting here for a discussion.

Do we have any news of how VMware maybe affected by this virus?

CVE-2016-5195, a kernel privilege escalation bug tagged "Dirty COW".

Thanks

Jeff

4 Replies
Highlighted
Contributor
Contributor

I am interested to find out too. I have logged a Case to VMware for their advice.

Highlighted
Enthusiast
Enthusiast

It would be great to find out the outcome of the case your logged, as there is nothing from VMware yet, and Security is on my back.

Highlighted
Contributor
Contributor

the VMware vCenter appliances run opensuse linux, so most likely they are vulnerable to dirty c0w vulnerability. I'm sure VMware will release patch but I have found its possible to patch manually using opensuse repository. I have done this for vCenter

5.5 appliance, have not tested 6.x

  1. SSH into your vCenter appliance
  2. Add the opensuse kernel repo by running this command - zypper ar -f http://download.opensuse.org/repositories/Kernel:/SLE11-SP4/standard/ kernel
  3. Refresh the repo - zypper ref
  4. Update kernel - zypper dup -r kernel
  5. After update completes, reboot appliance

This will upgrade kernel to 3.0.101-292.g0e83e89-default (at time of this writing) which is not vulnerable to dirty c0w. Note that if you're using 6.x appliance then you will almost certainly need to use a newer kernel repo.

I don't know about ESXi server. I tested ESXi 5.1 and 5.5 using https://www.redpacketsecurity.com/testing-dirty-cow-cve-2016-5195/ and the test came back negative, however because gcc is not installed I had to compile from different machine; this could skew test. Perhaps someone from VMware could comment?

Highlighted
Enthusiast
Enthusiast

VMware Response to CVE-2016-5195: ‘Dirty COW’ privilege escalation vulnerability http://kb.vmware.com/kb/2147515

VMware product updates address local privilege escalation vulnerability in Linux kernel VMSA-2016-0018.3

0 Kudos