module
Android get_user/put_user Exploit
| Disclosed | Created |
|---|---|
| 2013-09-06 | 2018-05-30 |
Disclosed
2013-09-06
Created
2018-05-30
Description
This module exploits a missing check in the get_user and put_user API functions
in the linux kernel before 3.5.5. The missing checks on these functions
allow an unprivileged user to read and write kernel memory.
This exploit first reads the kernel memory to identify the commit_creds and
ptmx_fops address, then uses the write primitive to execute shellcode as uid 0.
The exploit was first discovered in the wild in the vroot rooting application.
in the linux kernel before 3.5.5. The missing checks on these functions
allow an unprivileged user to read and write kernel memory.
This exploit first reads the kernel memory to identify the commit_creds and
ptmx_fops address, then uses the write primitive to execute shellcode as uid 0.
The exploit was first discovered in the wild in the vroot rooting application.
Authors
fi01
cubeundcube
timwr
cubeundcube
timwr
Platform
Android,Linux
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.