CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

This is a local root exploit for Apache HTTPd. Details here. This is a POC. It might fail for a dozen of reasons. PR welcome.

Targets

The exploit has been tested and works on:

Ubuntu 18.04.2 LTS

PHP : 7.1.27-1 / 7.2.15-0 / 7.3.3-1
Apache : Apache/2.4.29 (Ubuntu), build 2018-03-02T02:19:31

Ubuntu 16.04.6 LTS

PHP : 7.1.27-1 / 7.2.16-1 / 7.3.3-1
Apache : Apache/2.4.18 (Ubuntu), build 2016-04-15T18:00:57

Debian GNU/Linux 9.8 (stretch)

PHP : 7.1.27-1 / 7.2.16-1 / 7.3.3-1
Apache : Apache/2.4.25 (Debian), build 2018-11-03T18:46:19 (latest version when debian-security repo is disabled)

From:https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache