Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-1000112 PoC — Linux kernel 安全漏洞

Source
https://github.com/IT19083124/SNP-Assignment
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2017-1000112)
Description:Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
Description
Exploit work Privilege Escalation CVE-2017-1000112
Readme
# SNP-Assignment
Exploit work Privilege Escalation CVE-2017-1000112
as the privilege escalation is the mile stone of an attakers view,i try to do a little research on loval privilege escalation which is the basic step of whole privilege escalation unit. while im reading some articles 2016 and 2017 are the years with most no of privilege escalation reports on local and also remote. so i did try to exploit a vulurability with my knowledge with the help of intrnet to understand how these exploits happened not even by a n expert attaker. in the linux os system because of the open source , i can understant what is realy happening, and the teminal can directly run any c program which written by us. i searched for a vulnurebility which use c program and i found one which is easy to gain root access by running the program. all i need is to write a perfect c program and run it.
File Snapshot

 [4.0K]  /data/pocs/862784c77780eec8432ee499abbeb9719ea2c547
├── [ 26K]  47169 (copy).c
├── [1.5M]  IT19083124.pdf
└── [ 882]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →