What is CVE-2016-5195 (Dirty COW)
With this bug, an attacker can run code on a compromised Linux machine enabling them to escalate privileges to root. This Linux kernel flaw is a part of almost every open-source distribution of Linux. The vulnerability is most commonly exploited with local system access via shell accounts and enables an attacker to upload files that can be executed for malicious purposes. This specific vulnerability type is classified as a race condition and is tied to the way that Linux memory handles copy-on-write (COW) processes. When the vulnerability is exploited, an attacker gains write access to memory mappings that would normally be read-only.
Are KEMP LoadMaster Products Affected?
LoadMaster does not appear to be vulnerable to this exploit as a user would need shell access to the box (as non-root) and all it would provide is a possibility of getting root access. Since only root/xroot can log into the shell and the bal account (the only local account) cannot, LoadMaster does not appear to be exploitable. LoadMaster Operating system version 7.2.37 scheduled for GA in January 2017 will also include the PATCH released to mitigate this exploit.
Is KEMP 360 Central Affected?
KEMP 360 Central does not appear to be vulnerable to this exploit for the same reason as LoadMaster. Additionally, KEMP 360 Central v1.11, planned for download availability on 11/11, is based on Xenial LTS kernel version 4.4.0-45.66 which includes the PATCH released to mitigate this exploit.
Is KEMP 360 Vision Affected?
KEMP 360 Vision does not appear to be vulnerable to this exploit for the same reason as LoadMaster. Additionally, KEMP 360 Vision v1.2.1, which is in the process of being rolled out to subscribed customers now, is also based on Xenial LTS kernel version 4.4.0-45.66 which includes the PATCH released to mitigate this exploit.
Does KEMP track upstream security vulnerabilities?
Yes. Our job as a vendor is for us to understand, manage, and accept residual risk – we have policies and procedures in place to proactively monitory and address security issues when those occur.
We are ultimately responsible for the risk profile of our product - our goal is to ship with no known vulnerabilities. When vulnerabilities are found our goal is to communicate honestly and clearly and get fixes out as soon as responsibly possible.
Please contact our support engineers if you have any questions on your LoadMaster configuration. You can open a support ticket HERE.