CVE 2015-8660 Research

Description

This is research I conducted on the CVE 2015-8660 overlayFS vulnerability for my Operating System Security course final research project. The goal of this project was to find a Linux kernel vulnerability from 2012-2022, explain the vulnerability, explain the potential effects, and demonstrate the vulnerability using a crafted exploit. This vulnerability is caused by the ovl_setattr funtion located in the fs/overlayfs/inode.c program. When exploited via a crafted application, a malicious user will be able to gain privileged access to a loca machine. This vulnerability affects linux kernel versions through 4.3.3. My project research paper is included as well as a video of my demonstration using exploit code found on Exploit-db referenced below.

Tools Used

• CVE Database
• Virtual Machines (Ubuntu 15.04)

Environments Used

• Ubuntu 15.04

References

• exploitdb
• CVE