Introduction to Linux local privilege escalation vulnerability

王林
Release: 2020-09-01 16:49:34
forward
2151 people have browsed it

Introduction to Linux local privilege escalation vulnerability

On July 20, 2019, Linux officially fixed a local kernel privilege escalation vulnerability. An attacker can use this vulnerability to elevate users with normal privileges to Root privileges.

(Recommended tutorial: Website Security Tutorial)

Vulnerability Description

When PTRACE_TRACEME is called, the ptrace_link function will obtain an RCU reference to the parent process's credentials , and then point the pointer to the get_cred function. However, the lifetime rules of the object struct cred do not allow unconditional conversion of an RCU reference into a stable reference.

PTRACE_TRACEME obtains the credentials of the parent process, enabling it to perform various operations like the parent process that the parent process can perform. If a malicious low-privilege child process uses PTRACE_TRACEME and the child process's parent process has high privileges, the child process can gain control of its parent process and call the execve function using the parent process's privileges to create a new high-privilege process. The attacker ultimately controls the ptrace relationship between two processes with high privileges, which can be used to ptrace.

suid binary and gain root permissions.

Vulnerability Recurrence

There is a highly exploitable exploit for this vulnerability on the Internet. The exploit effect is as follows:

Introduction to Linux local privilege escalation vulnerability

##Scope of impact

Currently affected Linux kernel versions:

Linux Kernel Repair suggestions

1. Patch repair link :

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
Copy after login

2. Upgrade the Linux kernel to the latest version.

Reference link

https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
Copy after login

The above is the detailed content of Introduction to Linux local privilege escalation vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:secpulse.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template