module

AF_PACKET chocobo_root Privilege Escalation

Try Surface Command
Back to search
Disclosed
2016-08-12
Created
2018-06-14

Description

This module exploits a race condition and use-after-free in the
packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in
the Linux kernel to execute code as root (CVE-2016-8655).

The bug was initially introduced in 2011 and patched in 2016 in version
4.4.0-53.74, potentially affecting a large number of kernels; however
this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels
4.4.0 Linux Mint.

The target system must have unprivileged user namespaces enabled,
two or more CPU cores, and SMAP must be disabled.

Bypasses for SMEP and KASLR are included. Failed exploitation
may crash the kernel.

This module has been tested successfully on

Linux Mint 17.3 (x86_64);
Linux Mint 18 (x86_64);
Ubuntu 16.04 (x86_64); and
Ubuntu 16.04.2 (x86_64).

Authors

rebel
bcoles bcoles@gmail.com

Platform

Linux

Architectures

x86, x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/linux/local/af_packet_chocobo_root_priv_esc
    msf exploit(af_packet_chocobo_root_priv_esc) > show targets
        ...targets...
    msf exploit(af_packet_chocobo_root_priv_esc) > set TARGET < target-id >
    msf exploit(af_packet_chocobo_root_priv_esc) > show options
        ...show and set options...
    msf exploit(af_packet_chocobo_root_priv_esc) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today