• Dirty Pipe Local Privilege Escalation via CVE-2022-0847
    Disclosure Date: 2022-02-20
    First seen: 2022-12-23
    exploit/linux/local/cve_2022_0847_dirtypipe
    This exploit targets a vulnerability present in the Linux kernel since 5.8 that allows overwriting data in read-only or immutable files through the page cache. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits it by overwriting a setuid binary with the payload, executing the binary, and then writing the original bytes back. The exploit has two major limitations: the target offset cannot lie on a page boundary (the module must splice the byte immediately before the offset into the pipe so that the pipe holds a reference to that page), and the write cannot cross a page boundary. Together these mean the payload must be smaller than the page size (4096 bytes). Authors: Max Kellermann, timwr
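    As an added illustration (not part of the CVEdetails listing and not code from the Metasploit module), the following Python pre-flight check encodes the fixed-version list and the two offset limitations from the description above. It assumes a 4096-byte page and compares only the upstream version number from a `uname -r` string; distribution kernels that backport the fix keep a lower version string, so a True result is a reason to test, not proof of exploitability. The function and constant names are the example's own.

```python
import re

PAGE_SIZE = 4096  # assumed page size; the "less than 4096 bytes" limit implies it

# Earliest affected mainline release and the stable releases carrying the fix,
# taken from the module description.  FIX_IN_MAINLINE is an assumption: every
# mainline series after 5.16 is treated as shipping with the fix already in it.
FIRST_AFFECTED = (5, 8, 0)
FIXED_IN = {(5, 16): (5, 16, 11), (5, 15): (5, 15, 25), (5, 10): (5, 10, 102)}
FIX_IN_MAINLINE = (5, 17, 0)


def parse_release(release):
    """Turn a 'uname -r' string such as '5.15.0-58-generic' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def kernel_looks_vulnerable(release):
    """Upstream-version heuristic for CVE-2022-0847.

    Returns True when the version falls inside an affected range.  Distribution
    kernels backport fixes without bumping this number, so True means "test it",
    never "it is exploitable".
    """
    v = parse_release(release)
    if v < FIRST_AFFECTED or v >= FIX_IN_MAINLINE:
        return False
    fixed = FIXED_IN.get(v[:2])
    if fixed is not None:
        return v < fixed
    # Series the description lists no fix for (5.8-5.9, 5.11-5.14) are treated as affected.
    return True


def payload_fits(offset, payload_len):
    """Check both module limitations for a write of payload_len bytes at file offset."""
    page_off = offset % PAGE_SIZE
    if page_off == 0:
        # The byte just before the offset must be spliced into the pipe to obtain a
        # reference to the target page, so the offset can never sit on a page boundary.
        return False
    # The write itself may not run past the end of that page.
    return page_off + payload_len <= PAGE_SIZE


def usable_offsets(file_size, payload_len):
    """Yield every offset in a file of file_size bytes at which the payload would fit."""
    for off in range(file_size):
        if off + payload_len <= file_size and payload_fits(off, payload_len):
            yield off


if __name__ == "__main__":
    import os
    release = os.uname().release
    print(release, "looks vulnerable" if kernel_looks_vulnerable(release) else "looks fixed")
    print("largest payload at offset 1:", PAGE_SIZE - 1, "bytes")
```

Run on the target itself to get the version hint, then use `usable_offsets` with the size of the chosen setuid binary to see how little room a page-bounded payload really leaves (a 4095-byte payload fits only at offset 1 of each page).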
  • Docker cgroups Container Escape
    Disclosure Date: 2022-02-04
    First seen: 2023-12-07
    exploit/linux/local/docker_cgroup_escape
    This exploit module takes advantage of a Docker container started with either the privileged flag or the SYS_ADMIN Linux capability. If the host kernel is vulnerable, it is possible to escape the container and obtain root on the host operating system. The vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and bypass namespace isolation. More simply put, cgroups v1 has a feature called release_agent that runs a program when the last process in a cgroup terminates. If notify_on_release is enabled, the kernel runs the release_agent binary as root in the host context. By editing the release_agent file, an attacker can execute their own binary with elevated privileges and take control of the host. The release_agent file is owned by root, however, so only a user with root access inside the container can modify it. Authors: h00die, Yiqi Sun, Kevin Wang, T1erno
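    As an added example (not part of the listing and not the Metasploit module's own code), this Python snippet checks the two preconditions the description names from inside a container: an effective CAP_SYS_ADMIN, read from the CapEff mask in /proc/self/status, and a cgroup v1 hierarchy (only v1 exposes a release_agent file; cgroup2 mounts are skipped) in /proc/mounts. The bit number 21 for CAP_SYS_ADMIN comes from the kernel's capability header; the sample status and mounts text is constructed for the example, and the function names are the example's own.

```python
CAP_SYS_ADMIN = 21  # capability bit number from linux/capability.h


def effective_caps(status_text):
    """Extract the CapEff bitmask from the text of /proc/self/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split(":", 1)[1].strip(), 16)
    raise ValueError("no CapEff line in status text")


def has_cap_sys_admin(status_text):
    """True when CAP_SYS_ADMIN is in the effective set (privileged or --cap-add SYS_ADMIN)."""
    return bool(effective_caps(status_text) >> CAP_SYS_ADMIN & 1)


def cgroup_v1_mounts(mounts_text):
    """Return [(mountpoint, writable)] for every cgroup v1 hierarchy in /proc/mounts text.

    Only v1 hierarchies carry a release_agent file at their root, so fstype
    'cgroup2' is ignored.  A read-only mount cannot have its release_agent edited
    in place, so the rw flag is reported alongside the mountpoint.
    """
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cgroup":
            continue
        opts = fields[3].split(",")
        found.append((fields[1], "rw" in opts))
    return found


def release_agent_preconditions(status_text, mounts_text):
    """Summarise what the escape needs: CAP_SYS_ADMIN plus a writable cgroup v1 hierarchy."""
    cap = has_cap_sys_admin(status_text)
    v1 = cgroup_v1_mounts(mounts_text)
    writable = [mp for mp, rw in v1 if rw]
    return {
        "cap_sys_admin": cap,
        "cgroup_v1_mounts": v1,
        "candidate": cap and bool(writable),
    }


# Constructed sample inputs (not captured from a real host).
PRIVILEGED_STATUS = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\n"
)
DEFAULT_STATUS = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
)
SAMPLE_MOUNTS = """overlay / overlay rw,relatime 0 0
cgroup /sys/fs/cgroup/memory cgroup ro,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/rdma cgroup rw,nosuid,nodev,noexec,relatime,rdma 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
"""


if __name__ == "__main__":
    with open("/proc/self/status") as f, open("/proc/mounts") as m:
        print(release_agent_preconditions(f.read(), m.read()))
```

A default Docker container (CapEff 00000000a80425fb) lacks bit 21 and fails the first check even when a v1 hierarchy is mounted; a privileged one passes both on a cgroup v1 host, which is the situation the module description targets.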
  • Local Privilege Escalation in polkits pkexec
    Disclosure Date: 2022-01-25
    First seen: 2022-12-23
    exploit/linux/local/cve_2021_4034_pwnkit_lpe_pkexec
    A bug exists in how the polkit pkexec binary processes its arguments. If the binary is invoked with no arguments at all (an empty argv), it continues past the end of the argument array into the environment variables and treats them as arguments, without any of the usual security checks. Using the execve system call, an exploit can pass a null argument list and populate the environment variables it needs. This exploit is architecture independent. Authors: Qualys Security, Andris Raugulis, Dhiraj Mishra, bwatters-r7
3 metasploit modules found
Please note: Metasploit modules are matched by CVE number only. Visit the Metasploit web site for more details.