Last active
March 5, 2021 09:29
-
-
Save Xenthys/dbafad854f0f40797a394b3d8af36fb7 to your computer and use it in GitHub Desktop.
CVE-2016-5195 - A little script made to mitigate the Dirty COW exploit on Debian when a reboot is not possible yet.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # SystemTap workaround for CVE-2016-5195 | |
| # Bash script by Dylan Ysmal <xenthys@blackfields.net> | |
| # https://security-tracker.debian.org/tracker/DSA-3696-1 | |
| # https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 | |
| # systemtap linux-headers-$(uname -r) linux-image-$(uname -r)-dbg | |
| # https://xenthys.blackfields.net/CVE-2016-5195.stp | |
| # sudo stap -F -g /path/to/CVE-2016-5195.stp | |
| FIX='probe kernel.function("mem_write").call ? {$count = 0} | |
| probe syscall.ptrace {$request = 0xfff} | |
| probe begin {printk(0, "CVE-2016-5195 mitigation loaded")} | |
| probe end {printk(0, "CVE-2016-5195 mitigation unloaded")}' | |
| if [[ $(id -u) -ne 0 ]]; then | |
| echo "Error: this script must be run as root." | |
| exit 1 | |
| fi | |
| if [[ -f /etc/os-release ]]; then | |
| # Lazy check, it should be enough | |
| if grep -qi "id=debian" /etc/os-release; then | |
| echo "Installing required dependencies..." | |
| if ! apt-get install -y "systemtap" "linux-headers-$(uname -r)" "linux-image-$(uname -r)-dbg"; then | |
| echo "Error: installation of dependencies failed, exiting." | |
| exit 1 | |
| fi | |
| echo "Patching the system using SystemTap..." | |
| echo "$FIX" | stap -F -g - | |
| echo "Done, the system should be patched." | |
| exit 0 | |
| fi | |
| fi | |
| echo "Error: this script only works on Debian." | |
| exit 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment