Shulou(Shulou.com)05/31 Report--

How to carry out Ubuntu vulnerability CVE-2021-3493 early warning, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

one。 Brief introduction of CVE-2021-3493

The OverlayFS vulnerability allows local users under Ubuntu to gain root privileges. A Ubuntu-specific problem in the overlayfs file system in the Linux kernel, in which it does not properly validate the application about the file system functionality of the user namespace. Because Ubuntu comes with a patch that allows unprivileged overlayfs mounts, local attackers can use it to gain higher privileges.

At present, the details of the vulnerability have been made public, please take measures to protect the affected users as soon as possible.

two。 Affect the version

Ubuntu 20.10

Ubuntu 20.04 LTS

Ubuntu 18.04 LTS

Ubuntu 16.04 LTS

Ubuntu 14.04 ESM

three。 Loophole analysis

Linux supports file functions stored in extended file attributes that work like setuid-bit, but with finer granularity. The simplified process for setting up the file function in pseudo code is as follows:

The important call is cap_convert_nscap, which checks for namespace-related permissions.

If we set up file functionality from our own namespaces and mounts, there will be no problem, and we have permission to do so. But when OverlayFS forwards this operation to the underlying file system, it only calls vfs_setxattr and skips the check in cap_convert_nscap.

This allows arbitrary functionality to be set on files in the external namespace / mount and applied during execution.

In Linux 5.11, the call to cap_convert_nscap is moved to vfs_setxattr, and the attack is difficult to implement.

four。 Vulnerability exploitation

Test environment: Ubuntu 18.04LTS

Local users log in to the system and run POC.

five。 Defense advice

Update the system package version.

After reading the above, have you mastered how to carry out CVE-2021-3493 early warning of Ubuntu vulnerabilities? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.