what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-1328

Status Candidate

Overview

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root
Posted Jun 16, 2015
Authored by rebel

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.

tags | exploit, kernel, root, code execution
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3c
Ubuntu Security Notice USN-2640-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919ef
Ubuntu Security Notice USN-2646-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8
Ubuntu Security Notice USN-2645-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78
Ubuntu Security Notice USN-2647-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523c
Ubuntu Security Notice USN-2643-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43
Ubuntu Security Notice USN-2644-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0
Ubuntu Security Notice USN-2641-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5e
Ubuntu Security Notice USN-2642-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248b
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close