CVE-2016-5195 PoC — Linux kernel 竞争条件问题漏洞

Source

https://github.com/fei9747/CVE-2016-5195

Associated Vulnerability

Title:Linux kernel 竞争条件问题漏洞 (CVE-2016-5195)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 2.x至4.8.3之前的4.x版本中的mm/gup.c文件存在竞争条件问题漏洞，该漏洞源于程序没有正确处理copy-on-write(COW)功能写入只读内存映射。本地攻击者可利用该漏洞获取权限。

Readme

# dirtycow

This exploit uses the pokemon exploit of the dirtycow vulnerability as a base and automatically generates a new passwd line.
The user will be prompted for the new password when the binary is run.
The original /etc/passwd file is then backed up to /tmp/passwd.bak and overwrites the root account with the generated line.
After running the exploit you should be able to login with the newly created user.

To use this exploit modify the user values according to your needs.

The default user being created is `firefart`.

Original exploit (dirtycow's ptrace_pokedata "pokemon" method):
  https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c

Compile with:

```bash
gcc -pthread dirty.c -o dirty -lcrypt
```

Then run the newly create binary by either doing:
```bash
./dirty
```

or

```bash
 ./dirty my-new-password
 ```
Afterwards, you can either `su firefart` or `ssh firefart@...`

**DON'T FORGET TO RESTORE YOUR /etc/passwd AFTER RUNNING THE EXPLOIT!**

```bash
mv /tmp/passwd.bak /etc/passwd
```

Exploit adopted by Christian "FireFart" Mehlmauer

https://firefart.at

File Snapshot


 [4.0K]  /data/pocs/403c2390d0c6b4214a15430fb9003328e7bf104a
├── [4.7K]  dirty.c
└── [1.1K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!