CVE-2018-1000001 PoC — GNU glibc Permissions, Privileges, and Access Control Vulnerability

Source
Associated Vulnerability
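Title: GNU glibc Permissions, Privileges, and Access Control Vulnerability (CVE-2018-1000001)
Description: GNU glibc (also known as GNU C Library, libc6) is an open-source, free C language compiler program released under the LGPL license. A local privilege escalation vulnerability exists in GNU glibc 2.26 and earlier versions. A local attacker can exploit this vulnerability to gain elevated privileges and execute arbitrary code.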
Description
Tools for getting offsets, and a patch adding support for i386
Readme
# Tools for CVE-2018-1000001

## Check vulnerability:
```
$ cat /proc/sys/kernel/unprivileged_userns_clone
```
Output:
```
1
```
If the file "/proc/sys/kernel/unprivileged_userns_clone" does not exist:
```
$ unshare -mU /bin/sh -c "sleep 5" & /bin/sh -c "sleep 1; cd /proc/$!/cwd; realpath .; kill -9 $!"
```
The output must contain the string "(unreachable)" before '/':
```
[1] 12345
(unreachable)/home/user
```
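
The two manual checks above combined into one script, as an added example that is not part of the PoC repository; the function names and the result labels (`indicator-present`, `indicator-absent`, `unknown`) are assumptions. It reports the README's indicator: a sysctl value of 1, or a realpath result that starts with "(unreachable)" directly before '/'.

```shell
#!/bin/sh
# Added example: the README's two checks as one script (hypothetical names).
SYSCTL_FILE=/proc/sys/kernel/unprivileged_userns_clone

# Map the sysctl value to a result; the README treats 1 as the indicator.
userns_sysctl_state() {
    case "$1" in
        1) echo indicator-present ;;
        0) echo indicator-absent ;;
        *) echo unknown ;;
    esac
}

# Succeeds only when the path begins with "(unreachable)" right before '/'.
# Job-control lines such as "[1] 12345" do not match.
is_unreachable_path() {
    case "$1" in
        "(unreachable)/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Fallback probe from the README: resolve the cwd of a process started in new
# mount and user namespaces. The cd runs in a subshell, so the caller's
# working directory is unchanged. Prints nothing if unshare is not permitted.
probe_realpath() {
    unshare -mU /bin/sh -c "sleep 5" 2>/dev/null &
    pid=$!
    sleep 1
    out=$(cd "/proc/$pid/cwd" 2>/dev/null && realpath . 2>/dev/null)
    kill -9 "$pid" 2>/dev/null
    printf '%s\n' "$out"
}

# Prefer the sysctl file; use the probe only when the file does not exist.
check_exposure() {
    if [ -r "$SYSCTL_FILE" ]; then
        userns_sysctl_state "$(cat "$SYSCTL_FILE")"
    elif is_unreachable_path "$(probe_realpath)"; then
        echo indicator-present
    else
        echo indicator-absent
    fi
}

# Run the check only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_exposure; fi
```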

## tool.so
Options are passed via environment variables:
```
TRACE_DEBUG=1  - Print debug information (Default: 0)
STACK_SIZE=100 - Size of the stack data output (Default: 100)
```
How to run:
```
$ make
$ cp /bin/umount .
$ LD_PRELOAD="$(realpath tool.so)" TRACE_DEBUG=1 STACK_SIZE=100 ./umount /root
```

## More
https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
File Snapshot

[4.0K] /data/pocs/928f8abbef149b5af1f6b17d626c04f2b4890baf
├── [9.9K] add_support_i386_RationalLove.patch
├── [ 86] Makefile
├── [ 803] README.md
└── [ 18K] tool.cpp

0 directories, 4 files