Posts tagged Linux

CVE-2015-8660 Linux Kernel OverLay Fail

Timeline :

Vulnerability discovered by Nathan Williams and reported to vendor
Patched by the vendor the 2015-12-04
Advisory release the 2015-12-28
PoC provided by rebel the 2015-01-06

PoC provided by :

rebel

Reference(s) :

CVE-2015-8660

Affected version(s) :

Linux kernel through 4.3.3

Tested onĀ :

Ubuntu Server 64-bit 15.10 with python installed

Description :

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Commands :

gcc -o CVE-2015-8660 CVE-2015-8660.c
id
./CVE-2015-8660
id

CVE-2013-1763 SOCK_DIAG vulnerability in Linux kernel 3.3 to 3.8 Demo

Timeline :

Vulnerability discovered and reported to the vendor by Mathias Krause the 2013-02-23
PoC provided the 2013-02-25

PoC provided by :

Mathias Krause
SynQ

Reference(s) :

CVE-2013-1763

Affected version(s) :

Linux Kernel 3.3 to 3.8

Tested on Ubuntu 12.10 x86 with :

Kernel 3.5.0-17-generic

Description :

Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY with a family greater or equal then AF_MAX — the array size of sock_diag_handlers[]. The current code does not test for this condition therefore is vulnerable to an out-of-bound access opening doors for a privilege escalation.

Commands :

id
gcc -o CVE-2013-1763 CVE-2013-1763.c
./CVE-2013-1763 Ubuntu
id

Year 2012 Main Exploitable Vulnerabilities Interactive Timeline

You can find, by clicking on the following image, a visualization timeline of the main exploitable vulnerabilities of year 2012.

Start date of a slide is corresponding to:

  • the date of discovery of the vulnerability, or
  • the date of report to the vendor, or
  • the date of public release of the vulnerability

End date of a slide is corresponding to:

  • the date of vendor security alert notification, or
  • the date of Metasploit integration, or
  • the date of fix, or
  • the date of PoC disclosure
Year 2012 Main Exploitable Vulnerabilities Interactive Timeline

Year 2012 Main Exploitable Vulnerabilities Interactive Timeline

CVE-2012-0056 Mempodipper Linux Local Root Exploit Demo

Timeline :

Vulnerability discovered by zx2c4 (Jason A. Donenfeld)
Public release of the vulnerability the 2012-01-18
Exploit provided the 2012-01-23

PoC provided by :

zx2c4 (Jason A. Donenfeld)

Reference(s) :

CVE-2012-0056
EBD-ID-18411

Affected version(s) :

Linux kernel’s above or equal to 2.6.39 (32 bit or 64 bit).

Tested on Ubuntu 11.10 with :

Linux ubuntu 3.0.0-15-generic

Description :

Mempodipper is an exploit for CVE-2012-0056 exploiting an issue in the handling of the /proc/pid/mem writing functionality, where permissions are not being properly checked in the Linux kernel version 2.6.39 to current. A local, unprivileged user could use this flaw to escalate their privileges.

Commands :

whoami
gcc -o CVE-2012-0056-Mempodipper CVE-2012-0056-Mempodipper.c
./CVE-2012-0056-Mempodipper
whoami

Go to Top