module
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
| Disclosed | Created |
|---|---|
| 2017-08-10 | 2019-03-19 |
Disclosed
2017-08-10
Created
2019-03-19
Description
This module attempts to gain root privileges on Linux systems by abusing
UDP Fragmentation Offload (UFO).
This exploit targets only systems using Ubuntu (Trusty / Xenial) kernels
4.4.0-21 based on Ubuntu, such as Linux Mint.
The target system must have unprivileged user namespaces enabled
and SMAP disabled.
Bypasses for SMEP and KASLR are included. Failed exploitation
may crash the kernel.
This module has been tested successfully on various Ubuntu and Linux
Mint systems, including:
Ubuntu 14.04.5 4.4.0-31-generic x64 Desktop;
Ubuntu 16.04 4.8.0-53-generic;
Linux Mint 17.3 4.4.0-89-generic;
Linux Mint 18 4.8.0-58-generic
UDP Fragmentation Offload (UFO).
This exploit targets only systems using Ubuntu (Trusty / Xenial) kernels
4.4.0-21 based on Ubuntu, such as Linux Mint.
The target system must have unprivileged user namespaces enabled
and SMAP disabled.
Bypasses for SMEP and KASLR are included. Failed exploitation
may crash the kernel.
This module has been tested successfully on various Ubuntu and Linux
Mint systems, including:
Ubuntu 14.04.5 4.4.0-31-generic x64 Desktop;
Ubuntu 16.04 4.8.0-53-generic;
Linux Mint 17.3 4.4.0-89-generic;
Linux Mint 18 4.8.0-58-generic
Authors
Andrey Konovalov
h00die
bcoles bcoles@gmail.com
h00die
bcoles bcoles@gmail.com
Platform
Linux
Architectures
x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.