CVE-2018-1000001 PoC — GNU glibc 权限许可和访问控制问题漏洞

Source

Associated Vulnerability

Description

glibc getcwd() local privilege escalation compiled binaries

Readme

# glibc - 'getcwd()' Local Privilege Escalation 

Attention: 
    __All rights to the exploit writer. I have just compiled and organized a repository for this CVE.__

CVE: 2018-1000001
Alias: RationalLove

* exploit-debian - Exploit compiled in debian x64
* exploit-ubuntu - Exploit compiled in ubuntu x64

# Am I vulnerable?
To discover if the machine is vulnerable:
```bash
dpkg --list | grep -i libc6
```

If your libc6 package is:
* 2.24-11+deb9u1 for Debian Stretch
* 2.23-0ubuntu9 for Ubuntu Xenial Xerus

Then you're probably vulnerable. 

If you are lazy, I developed a shell script to check if your machine is vulnerable.

It is in this repository, and it is named `vulncheck.sh`. You can use it to determine if the public exploit will work or not based on the libc6 package.

# Exploitation
Simply drop the binary into the vulnerable system and execute it to get root.
![Exploit](/img/photo_2018-02-06_19-28-12.jpg?raw=true "CVE-2018-1000001 In action")

# Remediation
It is recommended immediate patch of libc package using `apt-get update -y && apt-get upgrade -y`

File Snapshot

 [4.0K]  /data/pocs/eac7642a3573e55415674474fd14890f77de97d7
├── [ 36K]  43775.c
├── [ 33K]  exploit-debian
├── [ 33K]  exploit-ubuntu
├── [4.0K]  img
│   └── [ 84K]  photo_2018-02-06_19-28-12.jpg
├── [1.1K]  README.md
└── [ 812]  vulncheck.sh

1 directory, 6 files

Remarks