Exploiting the Linux kernel via packet sockets (Project Zero)
The Project Zero site has a
detailed exploration of how to exploit CVE-2017-7308, a vulnerability
in the kernel's packet socket implementation.
"Let’s see how we can exploit this vulnerability. I’m going to be
targeting x86-64 Ubuntu 16.04.2 with kernel version 4.8.0-41-generic, with
KASLR, SMEP and SMAP enabled. The Ubuntu kernel has user namespaces available
to unprivileged users (CONFIG_USER_NS=y and no restrictions on [their] usage),
so the bug can be exploited to gain root privileges by an unprivileged
user. All of the exploitation steps below are performed from within a user
namespace."
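The quoted paragraph rests on one precondition: an unprivileged user must be able to reach the AF_PACKET code path at all. Opening a packet socket requires CAP_NET_RAW in the user namespace that owns the socket's network namespace, which is why the exploit runs inside a fresh user namespace, where the creating process holds full capabilities. The following C program is an added example, not code from the Project Zero post, that checks this precondition on a given box: it unshares a user and network namespace, maps the caller to uid 0 inside it, and tries to open a raw AF_PACKET socket. It assumes Linux with glibc; the function and enum names (`check_packet_socket_access`, `id_map_line`, `PACKET_ACCESS_*`) are mine. It tests reachability only, not the presence of CVE-2017-7308 itself, and it should be run as an unprivileged user, since root can open packet sockets without any namespace trick.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef ETH_P_ALL
#define ETH_P_ALL 0x0003   /* "every protocol", as in <linux/if_ether.h> */
#endif

/* Outcome of the reachability check (names are this example's, not the kernel's). */
enum packet_access {
    PACKET_ACCESS_OK = 0,        /* userns created and AF_PACKET socket opened */
    PACKET_ACCESS_NO_USERNS = 1, /* unshare(CLONE_NEWUSER) refused (sysctl, seccomp, ...) */
    PACKET_ACCESS_NO_SOCKET = 2  /* userns created, but socket(AF_PACKET) still refused */
};

const char *packet_access_name(enum packet_access a)
{
    switch (a) {
    case PACKET_ACCESS_OK:        return "ok";
    case PACKET_ACCESS_NO_USERNS: return "no-userns";
    case PACKET_ACCESS_NO_SOCKET: return "no-socket";
    }
    return "unknown";
}

/* Build one "<inside> <outside> <count>" line for /proc/self/{uid,gid}_map.
 * Returns a static buffer so it can be checked and written directly. */
const char *id_map_line(unsigned inside, unsigned outside, unsigned count)
{
    static char line[64];
    snprintf(line, sizeof line, "%u %u %u\n", inside, outside, count);
    return line;
}

static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, data, strlen(data));
    close(fd);
    return (w == (ssize_t)strlen(data)) ? 0 : -1;
}

/* Map our real uid/gid to 0 inside the new userns so we look like root there.
 * Failure is tolerated: capabilities in the new namespace do not depend on
 * the mapping, only the "I am root" appearance does. */
static void map_self_to_root(uid_t uid, gid_t gid)
{
    /* setgroups must be denied before an unprivileged process may write gid_map. */
    write_file("/proc/self/setgroups", "deny");
    write_file("/proc/self/uid_map", id_map_line(0, (unsigned)uid, 1));
    write_file("/proc/self/gid_map", id_map_line(0, (unsigned)gid, 1));
}

/* Can this process reach AF_PACKET sockets via an unprivileged user namespace? */
enum packet_access check_packet_socket_access(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    /* New userns (full caps over it) plus a new netns owned by that userns. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0)
        return PACKET_ACCESS_NO_USERNS;
    map_self_to_root(uid, gid);

    /* CAP_NET_RAW is checked against the netns owner, i.e. our new userns. */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return PACKET_ACCESS_NO_SOCKET;
    close(fd);
    return PACKET_ACCESS_OK;
}

int main(void)
{
    if (geteuid() == 0)
        fprintf(stderr, "warning: running as root, result is not meaningful\n");
    enum packet_access a = check_packet_socket_access();
    printf("AF_PACKET reachability via userns: %s (errno %d)\n",
           packet_access_name(a), a == PACKET_ACCESS_OK ? 0 : errno);
    return a == PACKET_ACCESS_OK ? 0 : 1;
}
```

A result of `ok` from an unprivileged shell means the packet socket implementation is exposed to every local user, which is the situation the post describes for Ubuntu 16.04; `no-userns` is what you get on distributions that restrict unprivileged user namespaces, or under a seccomp profile that blocks `unshare`, and it removes this particular route to the bug without fixing the bug itself.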