It seems that calling clone() with the flags CLONE_NEWUSER | CLONE_FS results in uid 0, i.e. it allows the user to gain superuser rights.
The exploit works only if namespace support is built into the kernel and the user has write access to the root file system (on a large number of systems, root and home are on the same partition).
To run the exploit in a 32-bit environment, change all occurrences of lib64 to lib, and ld-linux-x86-64.so.2 to ld-linux.so.2.
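For detection, the flag combination described above can be spotted in auditd SYSCALL records for clone(). This is an added example, not code from the original post; it assumes an audit rule already logs clone on the host, and the sample log lines are constructed.

```python
import re

# Flag values from the Linux UAPI header <linux/sched.h>
CLONE_FS = 0x00000200
CLONE_NEWUSER = 0x10000000
RISKY = CLONE_NEWUSER | CLONE_FS

# (audit arch, syscall number) for clone(2): x86_64 and i386
CLONE_SYSCALLS = {("c000003e", "56"), ("40000003", "120")}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into a key -> value dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def risky_clone_calls(lines):
    """Return clone() calls by non-root users that set both flags."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL":
            continue
        if (rec.get("arch"), rec.get("syscall")) not in CLONE_SYSCALLS:
            continue
        try:
            flags = int(rec["a0"], 16)  # a0 is logged as bare hex
        except (KeyError, ValueError):
            continue
        # The low byte of a0 carries the exit signal, so mask, don't compare.
        if flags & RISKY != RISKY or rec.get("uid") == "0":
            continue
        hits.append({"pid": rec.get("pid"), "uid": rec.get("uid"),
                     "exe": rec.get("exe"), "flags": flags,
                     "success": rec.get("success")})
    return hits

# Constructed sample records (not taken from a real host)
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1.1:1): arch=c000003e syscall=56 success=yes exit=4243 a0=10000211 a1=7ffd0 ppid=4100 pid=4242 uid=1000 exe="/home/alice/a.out"',
    'type=SYSCALL msg=audit(1.2:2): arch=c000003e syscall=56 success=yes exit=4300 a0=1200011 a1=0 ppid=4100 pid=4250 uid=1000 exe="/bin/bash"',
    'type=SYSCALL msg=audit(1.3:3): arch=c000003e syscall=56 success=yes exit=4301 a0=10000011 a1=0 ppid=4100 pid=4260 uid=1000 exe="/usr/bin/unshare"',
    'type=SYSCALL msg=audit(1.4:4): arch=40000003 syscall=120 success=no exit=-22 a0=10000200 a1=0 ppid=4100 pid=4270 uid=1001 exe="/tmp/t"',
    'type=SYSCALL msg=audit(1.5:5): arch=c000003e syscall=59 success=yes exit=0 a0=10000200 a1=0 ppid=4100 pid=4280 uid=1000 exe="/bin/ls"',
    'type=PATH msg=audit(1.5:5): item=0 name="/bin/ls" inode=42',
]

if __name__ == "__main__":
    for hit in risky_clone_calls(SAMPLE_LOG):
        print(hit)
```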