关联漏洞
描述
glibc getcwd() local privilege escalation compiled binaries
介绍
# glibc - 'getcwd()' Local Privilege Escalation
Attention:
__All rights to the exploit writer. I have just compiled and organized a repository for this CVE.__
CVE: 2018-1000001
Alias: RationalLove
* exploit-debian - Exploit compiled in debian x64
* exploit-ubuntu - Exploit compiled in ubuntu x64
# Am I vulnerable?
To discover if the machine is vulnerable:
```bash
dpkg --list | grep -i libc6
```
If your libc6 package is:
* 2.24-11+deb9u1 for Debian Stretch
* 2.23-0ubuntu9 for Ubuntu Xenial Xerus
Then you're probably vulnerable.
If you are lazy, I developed a shell script to check if your machine is vulnerable.
It is in this repository, and it is named `vulncheck.sh`. You can use it to determine if the public exploit will work or not based on the libc6 package.
# Exploitation
Simply drop the binary into the vulnerable system and execute it to get root.
# Remediation
It is recommended immediate patch of libc package using `apt-get update -y && apt-get upgrade -y`
文件快照
[4.0K] /data/pocs/eac7642a3573e55415674474fd14890f77de97d7
├── [ 36K] 43775.c
├── [ 33K] exploit-debian
├── [ 33K] exploit-ubuntu
├── [4.0K] img
│ └── [ 84K] photo_2018-02-06_19-28-12.jpg
├── [1.1K] README.md
└── [ 812] vulncheck.sh
1 directory, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。