关联漏洞
Description
GameOver(lay) Ubuntu Privilege Escalation
介绍
# GameOver(lay) Ubuntu Privilege Escalation
### CVE-2023-2640
https://www.cvedetails.com/cve/CVE-2023-2640/
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
### CVE-2023-32629
https://www.cvedetails.com/cve/CVE-2023-32629/
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels.
### Vulnerable kernels
| Kernel version | Ubuntu release |
| --- | --- |
| 6.2.0 | Ubuntu 23.04 (Lunar Lobster) / Ubuntu 22.04 LTS (Jammy Jellyfish) |
| 5.19.0 | Ubuntu 22.10 (Kinetic Kudu) / Ubuntu 22.04 LTS (Jammy Jellyfish) |
| 5.4.0 | Ubuntu 22.04 LTS (Local Fossa) / Ubuntu 18.04 LTS (Bionic Beaver) |
### Usage
Tested on kernels 5.19.0 and 6.2.0.
1. Just run the script in the low-priv shell.
```
./exploit.sh
```
2. Remember to type "exit" to finish the root shell and leave the house cleaned.
### Example
### License
Feel free to use or modify whenever and wherever you like.
文件快照
[4.0K] /data/pocs/93c04dd929eb93e88f8094e26f6cb1a49e54e884
├── [ 558] exploit.sh
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →