Linux kernel privilege escalation vulnerability (CVE-2019-13272) Linux kernel privilege escalation vulnerability (CVE-2019-13272)

Others 2019-11-03 22:16:55 views: null

Linux kernel privilege escalation vulnerability (CVE-2019-13272)

Vulnerability Description

kernel / ptrace.c in ptrace_link mishandled credentials recording process ptrace want to create a relationship, which allows local users to take advantage of certain programs father and son to gain root access to the process of relationship, parent delete permissions and calls execve ( It could allow an attacker to control). A factor is the target life issues (can also lead to panic). Another factor is the relationship between the ptrace marked as privileged, which can be (for example) Polkit program with the help of pkexec PTRACE_TRACEME be used. Obtain root privileges.

Affects Version: Linux Kernel <5.1.17

But after the experiment, the greater impact on ubuntu, debian and centos not to mention a little high on the right.

Test version Ubuntu18.04.1

1, exp download vulnerability, anti-directory in the Home

Download: https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272

In the following unbuntu git clone below it

 

 2, good for download vulnerability exp compile, run the compiled file

CVE-gcc -o 2019-13272.c CVE-bit 
./cve-poc

 

 3, successfully obtain root privileges

Vulnerability Description

kernel / ptrace.c in ptrace_link mishandled credentials recording process ptrace want to create a relationship, which allows local users to take advantage of certain programs father and son to gain root access to the process of relationship, parent delete permissions and calls execve ( It could allow an attacker to control). A factor is the target life issues (can also lead to panic). Another factor is the relationship between the ptrace marked as privileged, which can be (for example) Polkit program with the help of pkexec PTRACE_TRACEME be used. Obtain root privileges.

Affects Version: Linux Kernel <5.1.17

But after the experiment, the greater impact on ubuntu, debian and centos not to mention a little high on the right.

Test version Ubuntu18.04.1

1, exp download vulnerability, anti-directory in the Home

Download: https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272

In the following unbuntu git clone below it

 

 2, good for download vulnerability exp compile, run the compiled file

CVE-gcc -o 2019-13272.c CVE-bit 
./cve-poc

 

 3, successfully obtain root privileges

Guess you like

Origin www.cnblogs.com/kuaile1314/p/11789356.html
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com