exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-8660

Status Candidate

Overview

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Download | Favorite | View
Red Hat Security Advisory 2016-1539-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-2143, CVE-2016-4470
SHA-256 | a0ebfcaea69e03370b97678ac5b2af09385693a06588a694af826744d11bfd62
Download | Favorite | View
Red Hat Security Advisory 2016-1532-02
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | ae0ec067d76f883f07ac5ae1dac7a6ee3601b9b24f9fbd3814d99d690ead6941
Download | Favorite | View
Red Hat Security Advisory 2016-1541-03
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | 993b6f46bf8ef0fd9c20f5a4cd5b31000f1cfdfbbebb96d3af8403e94e254c62
Download | Favorite | View
Ubuntu 14.04 LTS / 15.10 overlayfs Local Root
Posted Jan 6, 2016
Authored by rebel

Ubuntu 14.04 LTS and 15.10 overlayfs local root exploit.

tags | exploit, local, root
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 1bf1b95880d7fb521bfe0cf76bb75801961ebb5f6b4b91508407ee6bad1b5076
Download | Favorite | View
Ubuntu Security Notice USN-2858-3
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-3 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 48425681b0b5e53cc4b801c91c5dcb8b298e07313c119da1cedff6eacf4292a3
Download | Favorite | View
Ubuntu Security Notice USN-2858-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 84b822e206e80ae7b54ed801761cd7e4fb9808f03798dc7446e5325a4760b793
Download | Favorite | View
Ubuntu Security Notice USN-2858-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 45cfcb2e85fdde5eb27a504542175a36445956c958ab02632509d0bd1adead99
Download | Favorite | View
Ubuntu Security Notice USN-2857-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 7e38428ed628f59f51dad90aea0dacbac3f82c78e918bc84ccec9e85b4f01c29
Download | Favorite | View
Ubuntu Security Notice USN-2857-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 8af0ea8abe573c2c245c547df79ec15d62a5547312f9d4d0daf04fa42de8d477
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close