CVE-2014-4943 PoC — Linux kernel 权限许可和访问控制问题漏洞

Source

https://github.com/redes-2015/l2tp-socket-bug

Associated Vulnerability

Title:Linux kernel 权限许可和访问控制问题漏洞 (CVE-2014-4943)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 3.15.6及之前版本的net/l2tp/l2tp_ppp.c文件中的‘pppol2tp_setsockopt()’和‘pppol2tp_getsockopt()’函数存在安全漏洞。本地攻击者可利用该漏洞获取特权。

Description

Estudo e apresentação do bug CVE-2014-4943 para a disciplina MAC0448

Readme

CVE-2014-4943
=============

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6
allows local users to gain privileges by leveraging data-structure differences
between an l2tp socket and an inet socket.

CVSS v2 Base Score: 6.9 (MEDIUM)

File Snapshot


 [4.0K]  /data/pocs/d9ed3ec68e682aec201e52a58620d3a5a1e0863f
├── [4.0K]  code
│   ├── [5.8K]  codigos.c
│   ├── [4.8K]  cve-2014-4943_poc.c
│   ├── [3.2K]  cve-simplificado.c
│   └── [ 837]  linux-3.10.0-123.el7-mac448.patch
├── [4.0K]  doc
│   └── [ 34K]  enunciado.pdf
├── [ 264]  README.md
└── [4.0K]  slides
    ├── [ 138]  convertToPdf.sh
    ├── [216K]  pesquisaL2TP.odt
    ├── [197K]  slides.odp
    └── [802K]  slides.pdf

3 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!