[Unaffected] Security Notice for Dirty COW. CVE-2016-5195


#1

Re: Dirty COW vulnerability as specified in Common Vulnerability and Exposures CVE-2016 5195

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Description:
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”

**Peplink has verified and confirmed that none of our products allow local accounts in any form, we are unaffected by this vulnerability. **

No customer action is required.

Thank you for your attention.

The Peplink Team
Issued on: November 17th, 2016


#2

Evening
Thank you for clarifying this within 24 hours of another member requesting this information.
A security venerability page would be nice. Possible only accessed by customers via IC2, serial number, partner pavilion etc
Thank You


#3

Eric, thank you again for doing this.

GNO-2014, if Peplink ever decides that *certain *security information is too sensitive to publish even on a consolidated security vulnerabilities page or forum, I think your idea is a good one. Lock down such sensitive info on a secured site accessible only by confirmed Peplink product owners or partners.

A pleasant weekend to all!

Best,

Roberto Broccoli