ESP Workload Automation


Dirty COW vulnerability - CVE-2016-5195


    Posted Nov 02, 2016 03:16 PM

    Dear CA Customer:

    On Thursday, October 19, 2016 a privilege escalation vulnerability was disclosed, CVE-2016-5195. This exploit is commonly called Dirty COW. Per Red Hat, “A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.” This vulnerability has not yet received a Common Vulnerability Scoring System (CVSS) rating from the National Vulnerability Database (NVD), but has been given a high priority and severity by Red Hat and other Linux vendors.

    Please be advised that CA Workload Automation products are not directly affected by either the vulnerability or operating system vendor-recommended patches. This is strictly a Linux kernel bug.

    CA recommends all customers take steps to secure systems as a matter of priority.

    Contact your operating system vendor for updated information.

    Thank you,

    CA Workload Automation Team