2025-01-16 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article walks through a reproduction of CVE-2019-13272, a local privilege escalation vulnerability in the Linux kernel. Many readers may not be familiar with it, so the editor has summarized the following for reference.
0x00 Introduction
On July 20, 2019, a local privilege escalation vulnerability in the Linux kernel was officially fixed. Through this vulnerability, an attacker can escalate from an ordinary user to root privileges.
0x01 Vulnerability overview
When PTRACE_TRACEME is called, the ptrace_link function obtains an RCU reference to the parent process's credentials and then passes that pointer to the get_cred function. However, the lifetime rules for struct cred objects do not allow an RCU reference to be unconditionally converted into a stable reference.
PTRACE_TRACEME obtains the credentials of the parent process, so that it can perform the operations the parent process is able to perform, as the parent process would. If a malicious low-privilege child process uses PTRACE_TRACEME and its parent process has high privileges, the child process can gain control of its parent process and call the execve function with the parent's privileges to create a new high-privilege process.
0x02 Affected versions
Currently affected Linux kernel versions:
Linux Kernel < 5.1.17
0x03 Environment setup
Create a low-privilege account
useradd test  # create the test user
passwd test   # set a password for the test user
Switch to the test user
su test
Check whether the system kernel version is lower than 5.1.17
uname -a
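The version check from the step above as a reusable shell function, added here as an example and not part of the original article; the function names are hypothetical and the 5.1.17 threshold is the one the article gives. It compares each component numerically, so a release such as 5.10.x is not mistaken for being older than 5.1.17.

```shell
#!/bin/sh
# Added example (not from the original article): decide whether a kernel
# release string falls in the range the article lists for CVE-2019-13272.

FIXED_VERSION="5.1.17"   # threshold taken from the article: affected < 5.1.17

# Print "major minor patch" for a release such as "4.15.0-54-generic".
# Everything after the leading digits and dots is ignored; missing parts are 0.
parse_release() {
    base=${1%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Return 0 if release $1 is older than FIXED_VERSION, 1 otherwise.
is_below_fixed() {
    set -- $(parse_release "$1") $(parse_release "$FIXED_VERSION")
    # $1 $2 $3 = release under test, $4 $5 $6 = fixed version
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
    [ "$3" -lt "$6" ]
}

# Report on a given release string, or on the running kernel if none is given.
check_host() {
    rel=${1:-$(uname -r)}
    if is_below_fixed "$rel"; then
        echo "$rel: below $FIXED_VERSION (in the article's affected range)"
    else
        echo "$rel: at or above $FIXED_VERSION"
    fi
}

check_host
```

Distribution kernels often backport fixes without changing the upstream version number, so a "below" result is a prompt to check the vendor advisory for the installed package, not proof that the host is exposed.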
0x04 Exploitation
View the current user and the current user's UID
Download the exploit script and save it as a poc.c file
https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272
Compile the C file with gcc to generate the exp binary
gcc poc.c -o exp
Run the generated exp
./exp
You can see that exp successfully escalated the ordinary user test to root.
Check the current user after successful exploitation
View the UID of the current user, which has become root
0x05 Remediation
Patch link:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
0x06 Summary
This is a local privilege escalation vulnerability, and the exploit does not succeed on a VPS, so for penetration testers it is better suited to testing inside an enterprise intranet. For Party A's (in-house) security personnel, the advice is just three words: apply the patch.
The result of executing exp on a VPS:
EXP script:
https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272