CVE-2015-1318 PoC — Ubuntu Apport 安全漏洞

Source

https://github.com/ScottyBauer/CVE-2015-1318

Associated Vulnerability

Title:Ubuntu Apport 安全漏洞 (CVE-2015-1318)
Description:The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).

Description

Exploit I used to claim 10% final-grade extra credit in Matthew Might's Compilers class.

Readme

# CVE-2015-1318

Exploit I used to claim 10% final-grade extra credit in Matthew Might's Compilers class.
https://bugs.launchpad.net/apport/+bug/1438758

Bonus opportunities (http://matt.might.net/teaching/compilers/spring-2015/)

Use an exploit on vulcan to gain root access: +10% for a local user exploit; +15% for a remote exploit (e.g. breaking in via apache). You must exploit a vulnerability (e.g. buffer overflow) for Ubuntu on vulcan to gain root; that is, you can't steal my laptop while it has an open ssh connection to vulcan to claim the prize. You must write up a short summary of the vulnerability and how you exploited it. (You may use a prepackaged tool for exploitation.) Mail the summary to me for approval and then to the class. Each individual exploit may only be claimed once, and the first to exploit wins. To signal that you have claimed root, modify the message of the day.

File Snapshot


 [4.0K]  /data/pocs/c834afb88f7a087cf4a9f7ac4d92eae3781f439f
├── [4.4K]  CVE-2015-1318.c
├── [ 899]  README.md
├── [ 277]  rootyTooty.c
└── [ 564]  rootyTooty_setuid.c

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!