module
2021 Ubuntu Overlayfs LPE
| Disclosed |
|---|
| Apr 12, 2021 |
Disclosed
Apr 12, 2021
Description
This module exploits a vulnerability in Ubuntu's implementation of overlayfs. The
vulnerability is the result of failing to verify the ability of a user to set the
attributes in a running executable. Specifically, when Overlayfs sends the set attributes
data to the underlying file system via `vfs_setxattr`, it fails to first verify the data
by calling `cap_convert_nscap`.
This vulnerability was patched by moving the call to `cap_convert_nscap`
into the `vfs_setxattr` function that sets the attribute, forcing verification every time the
`vfs_setxattr` is called rather than trusting the data was already verified.
vulnerability is the result of failing to verify the ability of a user to set the
attributes in a running executable. Specifically, when Overlayfs sends the set attributes
data to the underlying file system via `vfs_setxattr`, it fails to first verify the data
by calling `cap_convert_nscap`.
This vulnerability was patched by moving the call to `cap_convert_nscap`
into the `vfs_setxattr` function that sets the attribute, forcing verification every time the
`vfs_setxattr` is called rather than trusting the data was already verified.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.