exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-1328

Status Candidate

Overview

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root
Posted Jun 16, 2015
Authored by rebel

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.

tags | exploit, kernel, root, code execution
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3c
Ubuntu Security Notice USN-2640-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919ef
Ubuntu Security Notice USN-2646-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8
Ubuntu Security Notice USN-2645-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78
Ubuntu Security Notice USN-2647-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523c
Ubuntu Security Notice USN-2643-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43
Ubuntu Security Notice USN-2644-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0
Ubuntu Security Notice USN-2641-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5e
Ubuntu Security Notice USN-2642-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248b
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close