Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit #9469
@sempervictus MSF linux local EoP needed some love.
As for on-host detection of libraries - Tavis discusses some techniques to find libraries with constructors programmatically using
From Tavis' advisory:
Disassembling and analyzing potentially viable libraries programmatically on-host on-the-fly without access to the application source code would be cool, but well beyond the scope of this PR.
Instead, additional known-vulnerable libraries could be added to the module as targets in the future.
Tavis pointed out
Similarly, Todor Donev pointed out that
It seems that systems without
Ubuntu 10.04 x64 (only OpenSSH added from ISO install)
The exploits/linux/local/glibc_ld_audit_dso_load_priv_esc module has been added to the framework. This module abuses a vulnerability in the GNU C Library (glibc) dynamic linker on Ubuntu 10.04 and other operating systems of a similar age for local privilege escalation.