Metasploit modules that can be used to exploit Canonical » Ubuntu Linux » 8.04 lts
-
2021 Ubuntu Overlayfs LPE
Disclosure Date: 2021-04-12First seen: 2022-12-23exploit/linux/local/cve_2021_3493_overlayfsThis module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in a running executable. Specifically, when Overlayfs sends the set attributes data to the underlying file system via `vfs_setxattr`, it fails to first verify the data by calling `cap_convert_nscap`. This vulnerability was patched by moving the call to `cap_convert_nscap` into the `vfs_setxattr` function that sets the attribute, forcing verification every time the `vfs_setxattr` is called rather than trusting the data was already verified. Authors: - ssd-disclosure - bwatters-r7 -
Overlayfs Privilege Escalation
Disclosure Date: 2015-06-16First seen: 2020-04-26exploit/linux/local/overlayfs_priv_escThis module attempts to exploit two different CVEs related to overlayfs. CVE-2015-1328: Ubuntu specific -> 3.13.0-24 (14.04 default) < 3.13.0-55 3.16.0-25 (14.10 default) < 3.16.0-41 3.19.0-18 (15.04 default) < 3.19.0-21 CVE-2015-8660: Ubuntu: 3.19.0-18 < 3.19.0-43 4.2.0-18 < 4.2.0-23 (14.04.1, 15.10) Fedora: < 4.2.8 (vulnerable, un-tested) Red Hat: < 3.10.0-327 (rhel 6, vulnerable, un-tested) Authors: - h00die <mike@shorebreaksecurity.com> - rebel
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details