Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-14954 PoC — Linux kernel 信息泄露漏洞

Source
https://github.com/echo-devim/exploit_linux_kernel4.13
Associated Vulnerability
Title:Linux kernel 信息泄露漏洞 (CVE-2017-14954)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.13.4及之前的版本中的kernel/exit.c文件的‘waitid’实现过程存在安全漏洞。本地攻击者可借助特制的系统调用利用该漏洞获取敏感信息,绕过KASLR保护机制。
Description
LPE on linux kernel based on CVE-2017-14954, CVE-2017-18344, CVE-2017-5123
Readme
This repo contains an old poc that combines three CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123).
The poc is a Local Privilege Escalation for Linux Kernel 4.13 (tested on Ubuntu).

The exploit uses an info leak (CVE-2017-14954) to bypass KASLR, an arbitrary read (CVE-2017-18344) to read the kernel memory looking for the `struct cred` for user with uid 1000 (non privileged) and uses the buggy `waitid` system call (CVE-2017-5123) to overwrite the uid value with 0 (root).

I'm not the original author of the three exploits, I just combined them as an exercise.
File Snapshot

 [4.0K]  /data/pocs/c9055d6c63447c39f49028727f802c45fff900e6
├── [ 13K]  poc.c
└── [ 568]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.