exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-1328

Status Candidate

Overview

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Download | Favorite | View
Ubuntu 12.04 / 14.04 / 14.10 / 15.04 overlayfs Local Root
Posted Jun 16, 2015
Authored by rebel

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.

tags | exploit, kernel, root, code execution
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3c
Download | Favorite | View
Ubuntu Security Notice USN-2640-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919ef
Download | Favorite | View
Ubuntu Security Notice USN-2646-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8
Download | Favorite | View
Ubuntu Security Notice USN-2645-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78
Download | Favorite | View
Ubuntu Security Notice USN-2647-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523c
Download | Favorite | View
Ubuntu Security Notice USN-2643-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43
Download | Favorite | View
Ubuntu Security Notice USN-2644-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0
Download | Favorite | View
Ubuntu Security Notice USN-2641-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5e
Download | Favorite | View
Ubuntu Security Notice USN-2642-1
Posted Jun 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1328
SHA-256 | 6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248b
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close