what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2019-13272

Status Candidate

Overview

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Related Files

Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
Posted Nov 23, 2021
Authored by Ujas Dhami

Linux kernel version 5.1.x PTRACE_TRACEME pkexec local privilege escalation exploit.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2019-13272
SHA-256 | 8d5c414fa51cc67f0202260354e046cc0dfc7b5fd8dbc677b42d007fa51ef016
Linux PTRACE_TRACEME Local Root
Posted Mar 26, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski

Linux kernel versions starting at 4.10 and below 5.1.7 PTRACE_TRACEME local root exploit that uses the pkexec technique.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2019-13272
SHA-256 | e7f854bf4bfbbd6ef656848e475779ed5d37f0342d90b357fbfff5954374bb40
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
Posted Oct 23, 2019
Authored by Brendan Coles, Jann Horn, timwr | Site metasploit.com

This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2019-13272
SHA-256 | 072effef6153caac38d664913a4c85d900178cc8a6bc497726bd11fee5a2a0bc
Red Hat Security Advisory 2019-2809-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2809-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-13272, CVE-2019-5489, CVE-2019-6974
SHA-256 | 065fb6804a32c763981ec09f0933ce0630e20b3bed1485d5fd86a3a94081c7d1
Ubuntu Security Notice USN-4117-1
Posted Sep 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4117-1 - It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2019-10126, CVE-2019-10638, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-3846, CVE-2019-3900
SHA-256 | 08931d3a174297788ef3a8a0259a69406ef81389b33e15ab37700c7d4e440f45
Kernel Live Patch Security Notice LSN-0054-1
Posted Aug 28, 2019
Authored by Benjamin M. Romer

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2018-1129, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272, CVE-2019-2101, CVE-2019-3846
SHA-256 | 3bf6f3467455c33428751c5faf437aa7d6c64fe01342c90cc65e1d94808e2336
Ubuntu Security Notice USN-4093-1
Posted Aug 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4093-1 - It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-3846
SHA-256 | 972368dcf6177d5f57f6c9563b2ca592739590e4dce2d1505555c8bf5670da14
Ubuntu Security Notice USN-4095-1
Posted Aug 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4095-1 - Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-11599, CVE-2019-12614, CVE-2019-13272, CVE-2019-3846
SHA-256 | 73242072359d7bf186617f05dbb4e22278a6357ede250b31c563407ebd584e49
Ubuntu Security Notice USN-4094-1
Posted Aug 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4094-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14613, CVE-2018-14614, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846
SHA-256 | 057991c54bda99e36e45617061b5319a3d5749216d070d59b5d605ff61ea7dcc
Red Hat Security Advisory 2019-2411-01
Posted Aug 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2411-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-1125, CVE-2019-13272
SHA-256 | 047d05f784457ec09bc3083cf9e694ae3aac8eded39bd2eb1e1ea51dff7ade8a
Red Hat Security Advisory 2019-2405-01
Posted Aug 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2405-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-1125, CVE-2019-13272
SHA-256 | 412c1c44ac3d87cbbad738856106f7406cb4301044d240cb7523bedeafb903e9
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Jul 22, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-16597, CVE-2019-10126, CVE-2019-11599, CVE-2019-13272, CVE-2019-3846, CVE-2019-3892
SHA-256 | eaf1386a913b81696db65328fdebb33b9ed751d8ee87000e03613ee7ec8b2e5f
Debian Security Advisory 4484-1
Posted Jul 20, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4484-1 - Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

tags | advisory, kernel, local, root
systems | linux, debian
advisories | CVE-2019-13272
SHA-256 | f9eb27ffe2fd4a5b01dda4f4541e92421403c124e205baa16698ce8353887e1e
Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling
Posted Jul 16, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from broken permission and object lifetime handling for PTRACE_TRACEME.

tags | exploit
systems | linux
advisories | CVE-2019-13272
SHA-256 | 30dafcd01fe3416a51e40e4a4f49ab60f981e89f93b9635b6199d3e4fa21fde9
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close