Update documentation

Author: bcoles

modules/exploits/linux/local/apport_abrt_chroot_priv_esc.md renamed to documentation/modules/exploit/linux/local/apport_abrt_chroot_priv_esc.md

@@ -7,12 +7,16 @@
 
   Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing `usr/share/apport/apport` within the crashed task's directory to be executed.
 
-  Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing `usr/libexec/abrt-hook-ccpp` within the crashed task's directory to be executed.
+  Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing `usr/libexec/abrt-hook-ccpp` within the crashed task's directory to be executed. Fedora's crash handler was reportedly configured to chroot ABRT by default between April and August 2014.
 
   In both instances, the crash handler does not drop privileges, resulting in code execution as root.
 
+  This module has been tested successfully on:
+
   * Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64
-  * ABRT on Fedora 19 and 20 x86_64.
+  * ABRT on Fedora 19 and 20 x86_64
+
+  To test Fedora 20, disable SELinux, reboot, and modify `/proc/sys/kernel/core_pattern` to make use of the vulnerable `core_pattern` : `|/usr/sbin/chroot /proc/%P/root /usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e`
 
 
 ## Verification Steps