POC详情: 86cdecce477ffda2bed85c84df75676bc45d539c

来源
https://github.com/cgwalters/cve-2020-14386
关联漏洞
标题: Linux kernel 缓冲区错误漏洞 (CVE-2020-14386)
描述:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 5.9-rc4之前版本中af_packet.c存在安全漏洞。该漏洞允许攻击者触发拒绝服务并执行代码。
介绍
# Reproducer for CVE-2020-14386

Pre-built container: `registry.svc.ci.openshift.org/coreos/cve-2020-14386`

You probably want to test against an explicit node, like this:

```
apiVersion: v1
kind: Pod
metadata:
  name: cve-2020-14386
spec:
  restartPolicy: Never
  nodeName: <yournode>
  containers:
  - name: cve-2020-14386
    image: registry.svc.ci.openshift.org/coreos/cve-2020-14386
    imagePullPolicy: Always
```

Replace `yournode` with a particular node you want to validate, then
`kubectl create -f pod.yaml` from the content above.
If your kernel is vulnerable, the node may crash or reboot; use e.g.
`kubectl get node/<nodename>` and check if the node goes `NotReady`
and reboots.

If the node is not vulnerable, then `kubectl logs pod/cve-2020-14386`
will show something like:
```
Running reproducer for CVE-2020-14386 in 5s - this may crash the node
Reproducer exited successfully - node probably not vulnerable
```
文件快照

 [4.0K]  /data/pocs/86cdecce477ffda2bed85c84df75676bc45d539c
├── [ 823]  50-reset-crio-capabilities.conf
├── [3.9K]  cve-cap-net-raw.c
├── [ 514]  Dockerfile
├── [ 931]  README.md
└── [ 286]  wrapper.sh

0 directories, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。