Linux Vulnerability Assessment to Secure Systems
A new FileMaker Server security threat on Linux, known as “Dirty Pipe,” allows local users to gain root privileges through publicly available exploits. Security researcher Max Kellermann responsibly disclosed the Dirty Pipe vulnerability and stated that it affects Linux kernel 5.8 and later versions, even on Android devices.
This vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.
While the bug has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, many servers continue to run outdated kernels, making the release of this exploit a significant issue for server administrators. This bug is especially concerning for web hosting providers who offer Linux shell access, or universities, which commonly provide shell access to multi-user Linux systems.
Table of Contents
- What is shell access (SSH)?
- Do you need shell access?
- Servers hosted with Direct Impact Solutions
- What kernel version is installed on your Linux server?
- What to do if you have an affected kernel version
What is shell access (SSH)?
Shell access, commonly referred to as SSH (Secure Shell), is remote command line access to a server. Having command line access, if you’re familiar with using it, can be very helpful. It can help you speed up certain tasks, and make certain tasks possible that wouldn’t work without shell access.
Do I need shell access?
For the majority of users, shell access is not needed. Shell access is generally required by advanced users who are either familiar with the Linux command line and prefer to work this way, or who need to install server-side applications and need shell access to do so.
Improve Security with Direct Impact Solutions’ Linux Vulnerability Assessment
Customers need to be aware that Direct Impact does not provide shell access to any of the servers we manage. Shell access is only available to select Direct Impact employees that manage the servers.
For servers we manage, here are the details regarding the Linux versions installed on them:
For FileMaker servers running under Linux, Claris released two versions of FileMaker Server 19 that run under Linux. The currently supported version runs under Ubuntu 18.04 LTS. The kernel version used on that release is 5.4.0-1066-aws; it’s not affected by this Linux vulnerability. The other version of FileMaker Server runs under CentOS 7.8 or 7.9. CentOS 7.8 uses kernel version 3.10.0-1127 and 7.9 uses kernel version 3.10.0-1160. Neither version is affected by this vulnerability.
For servers that are used for hosting websites only, we are using the following Linux versions:
- Ubuntu 16.04.6 LTS, which uses kernel version 4.4.0-1128-aws. This is not affected by the Linux vulnerability.
- Ubuntu 18.04 LTS, which uses kernel version 5.4.0-1066-aws. This is also not affected by this vulnerability.
What kernel version is installed on your Linux server?
If you have a Linux server that is not hosted with us and you would like to know the kernel version currently installed on it, here are the steps to find out which version you are using:
- Connect to your Linux server via SSH
- Type “uname -r”
- The return value will be the exact kernel version installed on your server
What to do if you have an affected kernel version
If your server has a kernel version affected by this Linux vulnerability, the easiest option to fix the issue is to install the latest updates on it and keep your web application protected.
Here are the steps for Ubuntu servers:
- Connect to your Linux server via SSH
- Type “sudo apt-get update” to retrieve the list of updates
- Type “sudo apt-get upgrade” to install the latest updates
- Type “sudo reboot” to make sure the latest updates are running
- Reconnect to your server via SSH after the reboot
- Type “uname -r” to confirm you have a new kernel version that is patched for this vulnerability
Here are the steps for CentOS servers:
- Connect to your Linux server via SSH
- Type “sudo yum check-update” to see a list of available updates
- Type “sudo yum update” to install all the latest updates.
- Type “sudo reboot” to make sure the latest updates are running
- Reconnect to your server via SSH after the reboot
- Type “uname -r” to confirm you have a new kernel version that is patched for this Linux vulnerability
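The final “uname -r” check in the steps above can be scripted. The following is an added example, not part of the original article: it compares a kernel release string against the version facts stated here (affected from 5.8, fixed in 5.16.11, 5.15.25 and 5.10.102). The function name and status strings are hypothetical, and it assumes that releases newer than 5.16 include the fix. It compares upstream version numbers only; a distribution kernel can carry a backported fix under an older number, so confirm a “needs-update” result against your vendor's advisory for CVE-2022-0847.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the Dirty Pipe
# (CVE-2022-0847) version facts given in this article.
# Prints one of: not-affected | patched | needs-update | unknown
dirtypipe_status() {
    ver=${1%%-*}                         # drop suffix: 5.4.0-1066-aws -> 5.4.0
    case $ver in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch=0 ;;                  # "5.8" is treated as 5.8.0
    esac
    # Reject anything that is not purely numeric.
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # Kernels older than 5.8 predate the bug.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Assumption: series released after 5.16 already contain the fix.
    if [ "$major" -gt 5 ] || [ "$minor" -gt 16 ]; then
        echo patched; return 0
    fi
    # First fixed patch level for each series named in the article.
    case $minor in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo needs-update; return 0 ;;   # no fixed release listed here
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo needs-update; fi
}

# Classify the kernel that is currently running.
dirtypipe_status "$(uname -r)"
```

Run it again after the reboot: an unchanged “needs-update” result with the same “uname -r” output means the update did not install or boot a new kernel.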
We recommend checking with your FileMaker developer and hosting provider before making changes to your server. If you’d like to explore your hosting options with Direct Impact Solutions, you can find more information here.