Linux kernel privilege escalation vulnerability (CVE-2019-13272)
Vulnerability Description
kernel / ptrace.c in ptrace_link mishandled credentials recording process ptrace want to create a relationship, which allows local users to take advantage of certain programs father and son to gain root access to the process of relationship, parent delete permissions and calls execve ( It could allow an attacker to control). A factor is the target life issues (can also lead to panic). Another factor is the relationship between the ptrace marked as privileged, which can be (for example) Polkit program with the help of pkexec PTRACE_TRACEME be used. Obtain root privileges.
Affects Version: Linux Kernel <5.1.17
But after the experiment, the greater impact on ubuntu, debian and centos not to mention a little high on the right.
Test version Ubuntu18.04.1
1, exp download vulnerability, anti-directory in the Home
Download: https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272
In the following unbuntu git clone below it
2, good for download vulnerability exp compile, run the compiled file
CVE-gcc -o 2019-13272.c CVE-bit ./cve-poc
3, successfully obtain root privileges
Vulnerability Description
kernel / ptrace.c in ptrace_link mishandled credentials recording process ptrace want to create a relationship, which allows local users to take advantage of certain programs father and son to gain root access to the process of relationship, parent delete permissions and calls execve ( It could allow an attacker to control). A factor is the target life issues (can also lead to panic). Another factor is the relationship between the ptrace marked as privileged, which can be (for example) Polkit program with the help of pkexec PTRACE_TRACEME be used. Obtain root privileges.
Affects Version: Linux Kernel <5.1.17
But after the experiment, the greater impact on ubuntu, debian and centos not to mention a little high on the right.
Test version Ubuntu18.04.1
1, exp download vulnerability, anti-directory in the Home
Download: https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272
In the following unbuntu git clone below it
2, good for download vulnerability exp compile, run the compiled file
CVE-gcc -o 2019-13272.c CVE-bit ./cve-poc
3, successfully obtain root privileges