On 10/22/2016 02:52 PM, Denice wrote: > As well, the importance of this vulnerability hinges on user access; > in SANS newsbites yesterday, one of the editors made this remark > about this kernel vulnerablity (branded by the person(s) who raised > the issue: "Dirty Cow"): > > This is a privilege escalation vulnerability that was introduced in > Linux > about 11 years ago. An exploit has been used in some attacks to take > advantage of this vulnerability, but the exploit has not been made > public yet. Systems based on RedHat ES 5 and 6, which are vulnerable, > appear to be not susceptible to the exploit as this particular exploit > requires write access to /proc/self/mem. Given that this exploit > requires user access, and the actual exploit is only in limited > distribution (but this may change soon), "branding" this exploit is > hyping a minor and common vulnerability and only serves to distract > administrators from more important tasks. Deal with patches for this > vulnerability like you would deal with any other kernel patch. > > https://www.sans.org/newsletters/newsbites/xviii/84
Well said. Thank you for that link. > > cheers, etc. Cheers!
signature.asc
Description: OpenPGP digital signature
