Associated vulnerability
Title:
Linux kernel security vulnerability
(CVE-2022-0847)
Description: Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel; it stems from the "flag" variable of the new pipe buffer structure lacking proper initialization in the Linux kernel functions copy_page_to_iter_pipe and push_pipe. An unprivileged local user can exploit this vulnerability to escalate privileges to root. The following products and versions are affected: Linux Kernel 5.8-5.16.11, 5.8-5.15.25, 5.8-5.10.102.
Description
CVE-2022-0847 POC
Introduction
# Dirty Pipe POC
CVE-2022-0847 POC - https://dirtypipe.cm4all.com/
## Description
This exploit attempts to use the `CVE-2022-0847` vulnerability to overwrite a read-only file.
When `make exploit` is run, it will:
1. Create a `read_only_file.txt`
2. Execute the `dirtypipe` exploit.
3. Check if the `dirtypipe` exploit worked.
---
You can determine if your system is vulnerable by the output of `make exploit`:
```console
foo@bar:~$ make exploit # vulnerable
[*] Creating read_only_file.txt...
[*] Press any key to continue...
[*] Running exploit...
[*] Exploit was successful!
foo@bar:~$ make exploit # not vulnerable
[*] Creating read_only_file.txt...
[*] Press any key to continue...
[*] Running exploit...
[!] Exploit was not successful!
```
## Usage
```console
foo@bar:~$ cd /tmp # We don't need to keep these files.
foo@bar:~$ git clone https://github.com/breachnix/dirty-pipe-poc && cd dirty-pipe-poc
foo@bar:~$ make && make exploit # make & cc will need to be installed.
```
## Affected
This vulnerability affects any kernel version higher than **5.8** but lower than **5.16.11**, **5.15.25**, or **5.10.102**.
You can determine your kernel version by executing `uname -sr`:
```console
foo@bar:~$ uname -sr
Linux 5.10.0-12-amd64
```
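The version test described above is easy to get wrong by eye, because the fix landed at a different patch level on each stable branch. The POSIX shell function below is an added example (not part of the breachnix/dirty-pipe-poc project): it parses a `uname -r` style release string and classifies it against the range the README states (5.8 and newer, below 5.16.11 / 5.15.25 / 5.10.102). The function name `dirtypipe_affected` and its output words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the dirty-pipe-poc project: classify a kernel release
# string against the CVE-2022-0847 range given in the README above.
# Prints "affected" (exit 0), "not-affected" (exit 1) or "unknown" (exit 2).
dirtypipe_affected() {
    rel=$1
    # Keep only the leading dotted-number part ("5.10.0-12-amd64" -> "5.10.0").
    base=$(printf '%s\n' "$rel" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    case $base in
        *[!0-9.]*|'') echo unknown; return 2 ;;   # sed found no numeric prefix
    esac
    major=$(printf '%s\n' "$base" | cut -s -d. -f1)
    minor=$(printf '%s\n' "$base" | cut -s -d. -f2)
    patch=$(printf '%s\n' "$base" | cut -s -d. -f3)
    [ -n "$major" ] || major=$base   # plain "5" has no dots, so cut -s prints nothing
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0

    # Only the 5.x series is in range; 4.x predates the bug, 6.x postdates the fix.
    [ "$major" -eq 5 ] || { echo not-affected; return 1; }
    if [ "$minor" -lt 8 ] || [ "$minor" -gt 16 ]; then
        echo not-affected; return 1
    fi

    # Patch level at which each maintained stable branch received the fix.
    case $minor in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  fixed= ;;   # 5.8, 5.9, 5.11-5.14: the README's range names no fixed release
    esac
    if [ -n "$fixed" ] && [ "$patch" -ge "$fixed" ]; then
        echo not-affected; return 1
    fi
    echo affected; return 0
}

# Check the running kernel, or the release string passed as the first argument.
release=${1:-$(uname -r)}
printf '%s: %s\n' "$release" "$(dirtypipe_affected "$release")"
```

The README's own sample output, `5.10.0-12-amd64`, illustrates the caveat: a distribution package name like that carries the kernel ABI, not the upstream patch level, so the function reports it as affected even if the distribution has backported the fix. For distribution kernels, confirm with the package changelog (on Debian the upstream version is usually visible in `uname -v`) or with the `make exploit` test the README describes.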
File snapshot
[4.0K] /data/pocs/0206ab6de8b9df494a92190bcb9a513cb749a288
├── [ 501] exploit.sh
├── [ 434] Makefile
├── [1.2K] README.md
└── [4.0K] src
└── [4.5K] dirtypipe.c
1 directory, 4 files
Notes
1. Accessing the POC via its original source is recommended.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.