Is Identity Suite 14.0 Virtual Appliance affected by the Dirty Cow Vulnerability?

Document ID : KB000013108
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

The Dirty Cow allows an attacker to gain privilege escalation on the Linux kernel. As the Identity Suite 14.0 Virtual Appliance is based on a Linux kernel, would this be affected?

Answer:

Yes, Identity Suite vApp is vulnerable on the base 14.0 version. In order to take advantage of this exploit, a user must have login shell access to the vApp (over SSH/CLI) which means the user must know the "config" user credentials. There is a fix available in the latest cumulative patch for Virtual Appliance 14.0.