glibc getcwd() local privilege escalation compiled binaries

0x00-0x00/CVE-2018-1000001

glibc - 'getcwd()' Local Privilege Escalation

Attention: All rights to the exploit writer. I have just compiled and organized a repository for this CVE.

CVE: 2018-1000001

Alias: RationalLove

  • exploit-debian - Exploit compiled in debian x64
  • exploit-ubuntu - Exploit compiled in ubuntu x64

Am I vulnerable?

To discover if the machine is vulnerable:

dpkg --list | grep -i libc6

If your libc6 package is:

  • 2.24-11+deb9u1 for Debian Stretch
  • 2.23-0ubuntu9 for Ubuntu Xenial Xerus

Then you're probably vulnerable.

If you are lazy, I developed a shell script to check if your machine is vulnerable.

It is in this repository, and it is named vulncheck.sh. You can use it to determine if the public exploit will work or not based on the libc6 package.
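A package-version check along the lines described above, as an added example; it is not the repository's vulncheck.sh, and the function names (classify_version, check_versions, check_host) are hypothetical. It matches only the two libc6 versions listed in this README, so a version that does not match is not proof of a patched system.

```shell
#!/bin/sh
# Added example, not the repository's vulncheck.sh.
# Versions copied from this README; anything else is reported as
# "not-listed", which does NOT mean "patched".
LISTED_VERSIONS="2.24-11+deb9u1 2.23-0ubuntu9"

# classify_version VERSION -> prints "listed" or "not-listed"
classify_version() {
    for v in $LISTED_VERSIONS; do
        if [ "$1" = "$v" ]; then echo "listed"; return 0; fi
    done
    echo "not-listed"
}

# check_versions: reads "package version" lines on stdin, prints one
# verdict per line, and returns 1 if any line carries a listed version.
check_versions() {
    rc=0
    while read -r pkg ver; do
        # Skip entries dpkg knows about but that have no installed version.
        [ -n "$ver" ] || continue
        verdict=$(classify_version "$ver")
        echo "$pkg $ver $verdict"
        if [ "$verdict" = "listed" ]; then rc=1; fi
    done
    return $rc
}

# check_host: query dpkg for libc6 and print the architecture with each
# entry so that several installed architectures stay distinguishable.
check_host() {
    if ! command -v dpkg-query >/dev/null 2>&1; then
        echo "dpkg-query not found; not a dpkg-based system" >&2
        return 2
    fi
    dpkg-query -W -f='${Package}:${Architecture} ${Version}\n' libc6 2>/dev/null |
        check_versions
}

# Run against the local host only when asked to: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

With `--host` the script exits 1 when an installed libc6 matches a listed version, 0 when none does, and 2 when dpkg-query is unavailable.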

Exploitation

Simply drop the binary into the vulnerable system and execute it to get root.

Remediation

Patching the libc package immediately is recommended, using apt-get update -y && apt-get upgrade -y
