• Stars
    star
    397
  • Rank 108,561 (Top 3 %)
  • Language
    C
  • Created over 3 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Ubuntu OverlayFS Local Privesc

CVE-2021-3493

Ubuntu OverlayFS Local Privesc

Affected Versions

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM

Usage

  • gcc exploit.c -o exploit
  • ./exploit

Description

"Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs mounts." - Ubuntu Security

Fixed in Linux 5.11

References

Disclaimer

I am not the author of this exploit. I have not made any modifications to the PoC found here: https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/.