Symptom
On October 19th, 2016, a new vulnerability was disclosed that a race condition existed in the memory manager of the Linux kernel. This vulnerability could allow an unprivileged local user to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
This bug has been filed by PSIRT against the product Cisco NCS5000; Cisco NCS5500; Cisco NCS1000; Cisco XRv 9000, Cisco ASR 9000 (eXR) to address the vulnerability known as "Linux Kernel Local Privilege Escalation (Dirty CoW)" and identified by CVE: CVE-2016-5195
Cisco has evaluated the impact of this vulnerability on this product and concluded that the product may still run an affected Linux Kernel software version. However, Cisco's default application of the software in these products does not include the features that would enable an exploit. See conditions for more details on this.
This bug will be used to update the Linux kernel version.
Conditions
Linux shells are currently root users only. No arbitrary executables allowed unless you already have root access.
Root user installed apps are allowed on the box for eXR. These root user installed apps can potentially be running as non-root (which includes providing shell access). These apps are not Cisco applications. We are giving customers the ability to create potential for exploiting this vulnerability.
Further Problem Description
PSIRT Evaluation
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
