|
88994 | 88994 |
|
88995 | 88995 | ] |
88996 | 88996 | }, |
| 88997 | + "exploit_linux/local/gameoverlay_privesc": { |
| 88998 | + "name": "GameOver(lay) Privilege Escalation and Container Escape", |
| 88999 | + "fullname": "exploit/linux/local/gameoverlay_privesc", |
| 89000 | + "aliases": [ |
| 89001 | + |
| 89002 | + ], |
| 89003 | + "rank": 300, |
| 89004 | + "disclosure_date": "2023-07-26", |
| 89005 | + "type": "exploit", |
| 89006 | + "author": [ |
| 89007 | + "g1vi", |
| 89008 | + "h00die", |
| 89009 | + "bwatters-r7", |
| 89010 | + "gardnerapp" |
| 89011 | + ], |
| 89012 | + "description": "This module exploits the use of unsafe functions in a number of Ubuntu kernels\n utilizing vunerable versions of overlayfs. To mitigate CVE-2021-3493 the Linux\n kernel added a call to vfs_setxattr during ovl_do_setxattr. Due to independent\n changes to the kernel by the Ubuntu development team __vfs_setxattr_noperm is\n called during ovl_do_setxattr without calling the intermediate safety function\n vfs_setxattr. Ultimatly this module allows for root access to be achieved by\n writing setuid capabilities to a file which are not sanitized after being unioned\n with the upper mounted directory.", |
| 89013 | + "references": [ |
| 89014 | + "URL-https://www.crowdstrike.com/blog/crowdstrike-discovers-new-container-exploit/", |
| 89015 | + "URL-https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629", |
| 89016 | + "URL-https://www.cvedetails.com/cve/CVE-2023-2640/", |
| 89017 | + "URL-https://www.cvedetails.com/cve/CVE-2023-32629/", |
| 89018 | + "URL-https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability", |
| 89019 | + "CVE-2023-32629", |
| 89020 | + "CVE-2023-2640" |
| 89021 | + ], |
| 89022 | + "platform": "Linux,Unix", |
| 89023 | + "arch": "", |
| 89024 | + "rport": null, |
| 89025 | + "autofilter_ports": [ |
| 89026 | + |
| 89027 | + ], |
| 89028 | + "autofilter_services": [ |
| 89029 | + |
| 89030 | + ], |
| 89031 | + "targets": [ |
| 89032 | + "Linux_Binary", |
| 89033 | + "Linux_Command" |
| 89034 | + ], |
| 89035 | + "mod_time": "2024-12-17 16:52:24 +0000", |
| 89036 | + "path": "/modules/exploits/linux/local/gameoverlay_privesc.rb", |
| 89037 | + "is_install_path": true, |
| 89038 | + "ref_name": "linux/local/gameoverlay_privesc", |
| 89039 | + "check": true, |
| 89040 | + "post_auth": false, |
| 89041 | + "default_credential": false, |
| 89042 | + "notes": { |
| 89043 | + "Stability": [ |
| 89044 | + "crash-safe" |
| 89045 | + ], |
| 89046 | + "Reliability": [ |
| 89047 | + "repeatable-session" |
| 89048 | + ], |
| 89049 | + "SideEffects": [ |
| 89050 | + "artifacts-on-disk" |
| 89051 | + ] |
| 89052 | + }, |
| 89053 | + "session_types": [ |
| 89054 | + "shell", |
| 89055 | + "meterpreter" |
| 89056 | + ], |
| 89057 | + "needs_cleanup": true, |
| 89058 | + "actions": [ |
| 89059 | + |
| 89060 | + ] |
| 89061 | + }, |
88997 | 89062 | "exploit_linux/local/glibc_ld_audit_dso_load_priv_esc": { |
88998 | 89063 | "name": "glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation", |
88999 | 89064 | "fullname": "exploit/linux/local/glibc_ld_audit_dso_load_priv_esc", |
|