Skip to content

针对(CVE-2023-0179)漏洞利用 该漏洞被分配为CVE-2023-0179,影响了从5.5到6.2-rc3的所有Linux版本,该漏洞在6.1.6上被测试。 漏洞的细节和文章可以在os-security上找到。

Notifications You must be signed in to change notification settings

H4K6/CVE-2023-0179-PoC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Needle (CVE-2023-0179) exploit

This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.

The vulnerability details and writeup can be found on oss-security

Building instructions

Just invoke the make needle command to generate the corresponding executable.

libmnl and libnftnl are required for the build to succeed:

sudo apt-get install libmnl-dev libnftnl-dev

Infoleak

The exploit will enter an unprivileged user and network namespace and add an nft_payload expression via the rule_add_payload function which, when evaluated, will trigger the stack buffer overflow and overwrite the registers.

The content is then retrieved with the following nft command:

nft list map netdev mytable myset12

The output will leak several shuffled addresses relative to kernel data structures, among which we find a kernel instruction address and the regs pointer.

LPE

The exploit creates a new user account needle:needle with UID 0 by abusing the modprobe_path variable.

Enjoy root privileges.

Demo

asciicast

Credits

About

针对(CVE-2023-0179)漏洞利用 该漏洞被分配为CVE-2023-0179,影响了从5.5到6.2-rc3的所有Linux版本,该漏洞在6.1.6上被测试。 漏洞的细节和文章可以在os-security上找到。

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published