
Linux Kernel recvmmsg Privilege Escalation

Disclosed
2014-02-02
Created
2018-05-30

Description

This module attempts to exploit CVE-2014-0038 by sending a recvmmsg
system call with a crafted timeout pointer parameter to gain root.

This exploit has offsets for 3 Ubuntu 13 kernels:
3.8.0-19-generic (13.04 default);
3.11.0-12-generic (13.10 default);
3.11.0-15-generic (13.10).

This exploit may take up to 13 minutes to run due to a decrementing
(1/sec) pointer which starts at 0xff*3 (765 seconds).

Authors

h00die mike@shorebreaksecurity.com
rebel

Platform

Linux

Architectures

x86, x64

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/linux/local/recvmmsg_priv_esc
msf exploit(recvmmsg_priv_esc) > show targets
...targets...
msf exploit(recvmmsg_priv_esc) > set TARGET <target-id>
msf exploit(recvmmsg_priv_esc) > show options
...show and set options...
msf exploit(recvmmsg_priv_esc) > exploit
