CVE-2021-3493 is an Ubuntu-specific issue in the overlayfs file system in the
Linux kernel where it did not properly validate the application of file system
capabilities to use namespaces. A local attacker could use this to gain
elevated privileges, due to a patch carried in Ubuntu to allow unprivileged
overlayfs mounts.
Lab Setup
- Ubuntu Machine (Affected Versions)
- Git Tools (To clone repository)
- GCC Compiler (To compile c file)
Implementation
-
Use the command
whoami and
id to check the
privilege of the current user.
-
To get the exploit - Clone the repository using the below command.
Ensure that git is installed in your system. If not, use the
command -
sudo apt-get install git.
|
Git Install Command
|
-
Once the git is installed clone the repository using the command - git clone https://github.com/briskets/CVE-2021-3493.git.
|
Git Clone Command
|
-
After cloning, the new directory named CVE-2021-3493 is created in
the present directory, navigate to that directory by using the command:
cd CVE-2021-3493.
|
Files in the repository
|
-
There is a file named exploit.c which is the C file.
Compile it using GCC compiler.
Command - gcc exploit.c.
|
Compiling the exploit
|
No comments:
Post a Comment