CVE-2017-11176 PoC — Linux kernel 安全漏洞

Source

https://github.com/DoubleMice/cve-2017-11176

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2017-11176)
Description:The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.

Description

My first try to code my own LPE exploit.

Readme

# cve-2017-11176
 Local Privilege Escalation
> develope on ubuntu 4.4.0-62 kernel
## about
My first try to code my own LPE exploit.

## developement line
[c2bbad5f471ef2b112f343fde1f4e7ff94fe28d1](https://github.com/DoubleMice/cve-2017-11176/commit/c2bbad5f471ef2b112f343fde1f4e7ff94fe28d1)

triger kernel uaf

[d2872d5c0d642e20c807a960f99d9533dde5d809](https://github.com/DoubleMice/cve-2017-11176/commit/d2872d5c0d642e20c807a960f99d9533dde5d809)

now,we can use another thread to unblock main thread without systemtap.

## todo
* exploit to get root shell

## reference
- [lexfo:linux-kernel-exploitation](https://blog.lexfo.fr/)

    While this guy's work was based on Debian8.6.0(kernel version:3.16.36).
    But honestly,his articles are very nice to the freshman who wants to enjoy kernel exploit.
    Thanks.

File Snapshot


 [4.0K]  /data/pocs/671f2ca42ce6b7dad876635a4988e221636e0167
├── [4.1K]  poc.c
├── [ 815]  README.md
├── [5.1K]  spy.stp
└── [129K]  systemtap-tutorial.pdf

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!