This vulnerability is especially problematic for multi-tenancy servers, including those used for web hosting.
Southfield, MI (PRWEB) October 31, 2016
Future Hosting, a specialized VPS and managed dedicated server hosting provider, has advised server administrators to update Linux server operating systems as soon as possible. The advice is a response to the recent discovery of a serious privilege escalation vulnerability in the Linux kernel (as reported in Ars Technica on October 20).
The so-called "Dirty Cow" vulnerability has been part of the Linux kernel for more than a decade, and there is evidence of it being actively exploited by online criminals and hackers.
The vulnerability can be used by a local user to gain elevated permissions, allowing them to read and write data to memory and system files. Once a malicious user has leveraged the vulnerability to gain root user permissions, all users of the server are at risk.
The vulnerability is a particular threat to web hosting providers, who commonly give accounts on the same server to many different clients. On an unpatched server, any one of those users could leverage the vulnerability to gain access to the data of other users.
“Although Future Hosting immediately patched its managed servers when news of the vulnerability broke, we're concerned that there may be many thousands of servers that remain unpatched,” said Maulesh Patel, VP of Operations of Future Hosting, “This vulnerability is especially problematic for multi-tenancy servers, including those used for web hosting. Responsible web hosting providers should proactively patch vulnerable servers.”
Although the vulnerability requires a malicious user to have an account on the server, it could be combined with other vulnerabilities to allow the remote execution of arbitrary code with root permissions. Any vulnerability that provides shell access or allows the execution of code on the server — as in the case of an SQL-injection attack — can be combined with the privilege escalation vulnerability.
Future Hosting offers KSplice Uptrack on many of its managed and unmanaged server plans, allowing clients to update their servers, including the kernel, without requiring a reboot and the associated downtime.
About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com