Description
A penetration test of Ubuntu Touch 16.04 that identified 7 vulnerabilities, including a critical kernel exploit (CVE-2021-3493) allowing root access. This report provides findings and actionable hardening recommendations.
Introduction
# Ubuntu Touch Security VAPT Report
Welcome to the Ubuntu Touch penetration test repository. This project provides a detailed breakdown of security findings from an assessment of Ubuntu Touch (v16.04, Kernel 5.4.0).
The goal is to offer a clear, actionable resource for developers and the open-source community to improve the security posture of the operating system.
## Project Structure
```
UbuntuTouchSecurityVAPTReport/
├── ISSUE_TEMPLATE/
│   └── finding.md                # Issue template for new findings
├── findings/
│   ├── CRITICAL-CVE-2021-3493.md
│   ├── CRITICAL-Insecure-Credential-Storage.md
│   ├── HIGH-Disabled-ASLR.md
│   ├── HIGH-Weak-Snap-Confinement.md
│   ├── MEDIUM-Outdated-Snap-Packages.md
│   ├── MEDIUM-Unencrypted-Device-Storage.md
│   └── MEDIUM-Unrestricted-Sudo-Access.md
├── scripts/
│   ├── CVE-2021-3493-poc.c       # Proof-of-concept exploit code
│   └── mobsf_setup.sh            # Automation script for setting up MobSF
├── README.md                     # This file
└── report.pdf                    # Complete security assessment report
```
## Quick Start
* [**Full Report**](report.pdf): Complete security assessment report with methodology and findings
* [**Browse Individual Findings**](findings/): Detailed technical write-ups for each vulnerability
* [**Explore PoC Scripts**](scripts/): Proof-of-concept and automation scripts used during testing
* [**Issue Template**](ISSUE_TEMPLATE/finding.md): Template for reporting new security findings
## Security Findings Summary
### Critical Severity
- **CVE-2021-3493**: Linux Kernel OverlayFS Privilege Escalation
- **Insecure Credential Storage**: Plaintext storage of sensitive authentication data
### High Severity
- **Disabled ASLR**: Address Space Layout Randomization not properly implemented
- **Weak Snap Confinement**: Insufficient security policies for snap packages
### Medium Severity
- **Outdated Snap Packages**: Multiple packages with known security vulnerabilities
- **Unencrypted Device Storage**: Lack of encryption for user data and system files
- **Unrestricted Sudo Access**: Overly permissive privilege management
## Tools and Scripts
### Proof of Concept
- `CVE-2021-3493-poc.c`: Demonstrates the OverlayFS privilege escalation vulnerability
### Automation
- `mobsf_setup.sh`: Automated setup of Mobile Security Framework for Ubuntu Touch testing
## Usage
### Running the CVE-2021-3493 PoC
```bash
cd scripts
gcc -o cve-2021-3493-poc CVE-2021-3493-poc.c
./cve-2021-3493-poc
```
### Setting up MobSF for Testing
```bash
cd scripts
chmod +x mobsf_setup.sh
./mobsf_setup.sh
```
## Contributing
New findings are welcome! Please use the [**New Finding issue template**](ISSUE_TEMPLATE/finding.md) to submit a new vulnerability report.
### Reporting Process
1. Use the provided template in `ISSUE_TEMPLATE/finding.md`
2. Follow the established severity classification
3. Include proof-of-concept code when applicable
4. Provide clear remediation steps
## Disclaimer
This repository contains information about security vulnerabilities for educational and research purposes. The proof-of-concept code should only be used on systems you own or have explicit permission to test. The authors are not responsible for any misuse of this information.
File snapshot
[4.0K] /data/pocs/d1e7affc9b303af7c8f7807b5e65ef3921059693
├── [4.0K] findings
│ ├── [2.3K] CRITICAL-CVE-2021-3493.md
│ ├── [2.3K] CRITICAL-Insecure-Credential-Storage.md
│ ├── [2.2K] HIGH-Disabled-ASLR.md
│ ├── [2.1K] HIGH-Weak-Snap-Confinement.md
│ ├── [2.1K] MEDIUM-Outdated-Snap-Packages.md
│ ├── [2.0K] MEDIUM-Unencrypted-Device-Storage.md
│ └── [2.0K] MEDIUM-Unrestricted-Sudo-Access.md
├── [4.0K] ISSUE_TEMPLATE
│ └── [1.0K] finding.md
├── [3.3K] README.md
├── [ 84K] report.pdf
├── [4.0K] scripts
│ ├── [4.9K] CVE-2021-3493-poc.c
│ └── [7.1K] mobsf_setup.sh
└── [7.4M] WalkthroughVideo.mp4
3 directories, 13 files