vendor: glibc
by: halfdog and Brendan Coles
CVSS: 7.2 (HIGH)
Buffer Underflow
CWE: 121
Product Name: glibc
Affected Version From: 2.23-0ubuntu9
Affected Version To: 2.24-11+deb9u1
Patch Exists: YES
Related CWE: 2018-1000001
CPE: a:gnu:glibc:2.23-0ubuntu9
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu Linux 16.04.3 (x86_64) and Debian 9.0 (x86_64)
2018
glibc ‘realpath()’ Privilege Escalation
This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled.
Mitigation:
Upgrade to glibc version 2.26 or later
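The description above states that the target must have unprivileged user namespaces enabled. The following added example (not part of the original entry or of the module it describes) reports the installed glibc version and whether that precondition holds on a host. The two sysctl paths it reads are not named on this page: `user/max_user_namespaces` is the upstream kernel setting and `kernel/unprivileged_userns_clone` is the Debian/Ubuntu-specific one. The directory argument is a hypothetical parameter added so the logic can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: check the user-namespace precondition named in the entry.
# userns_state [DIR] prints enabled, disabled or unknown.
# DIR defaults to the live /proc/sys (parameter is an assumption of this example).

userns_state() {
    proc_sys="${1:-/proc/sys}"
    max_file="$proc_sys/user/max_user_namespaces"
    clone_file="$proc_sys/kernel/unprivileged_userns_clone"
    seen=0

    # Upstream setting: a limit of 0 means no user namespace can be created.
    if [ -r "$max_file" ]; then
        seen=1
        if [ "$(cat "$max_file")" = "0" ]; then
            echo disabled
            return 0
        fi
    fi

    # Debian/Ubuntu setting: 0 blocks creation by unprivileged users.
    # The file is absent on kernels without that distribution patch.
    if [ -r "$clone_file" ]; then
        seen=1
        if [ "$(cat "$clone_file")" = "0" ]; then
            echo disabled
            return 0
        fi
    fi

    if [ "$seen" -eq 1 ]; then
        echo enabled
    else
        echo unknown   # neither setting is exposed by this kernel
    fi
}

report() {
    # The upstream version string does not show distribution backports,
    # so compare the package version against the vendor advisory as well.
    libc="$(getconf GNU_LIBC_VERSION 2>/dev/null || echo 'glibc version unavailable')"
    echo "libc: $libc"
    echo "unprivileged user namespaces: $(userns_state "$1")"
}

report "$@"
```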