Vendor: Linux Kernel
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 78 (Command-Injection)
Product Name: Linux Kernel
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Linux
Local Command-Injection Vulnerability in Linux Kernel via Console Keymap Modifications
The Linux kernel is susceptible to a local command-injection vulnerability via console keymap modifications. The issue occurs because unprivileged users can alter the system-wide console keymap. A local user may modify the console keymap to include scripted macro commands. These commands then execute with the privileges of the next user who uses the console, potentially facilitating privilege escalation.
Mitigation:
To mitigate this vulnerability, it is recommended to restrict access to the console keymap configuration and only allow privileged users to modify it. Regular monitoring and auditing of console keymap changes can also help detect any unauthorized modifications.
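One way to carry out the keymap auditing recommended above is to compare the console's function-key string table against a known-good baseline. The following is an added example, not part of the original advisory; it assumes the `string NAME = "..."` lines printed by `dumpkeys --funcs-only`, and the function names and sample data are constructed for illustration.

```python
import re

# Constructed samples in the `string NAME = "..."` form printed by `dumpkeys --funcs-only`.
BASELINE = r'''
string F1 = "\033[[A"
string F2 = "\033[[B"
string Insert = "\033[2~"
'''
CURRENT = r'''
string F1 = "\033[[A"
string F2 = "CONSTRUCTED-SAMPLE\012"
string Insert = "\033[2~"
string F13 = "\033[25~"
'''

LINE = re.compile(r'^\s*string\s+(\S+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*$')
ESCAPE = re.compile(r'\\([0-7]{1,3}|.)')

def decode(raw):
    # Undo the escaping: octal escapes, backslash-n, escaped quote and backslash.
    def sub(m):
        tok = m.group(1)
        if tok[0] in "01234567":
            return chr(int(tok, 8))
        return "\n" if tok == "n" else tok
    return ESCAPE.sub(sub, raw)

def parse(text):
    # Map each string name (F1, Insert, ...) to its decoded value.
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out[m.group(1)] = decode(m.group(2))
    return out

def audit(baseline_text, current_text):
    # Return (name, reason, has_control_char) for every entry that differs from baseline.
    base, cur = parse(baseline_text), parse(current_text)
    findings = []
    for name in sorted(cur):
        if name in base and base[name] == cur[name]:
            continue
        reason = "changed" if name in base else "added"
        control = any(ord(c) < 0x20 and c != "\x1b" for c in cur[name])
        findings.append((name, reason, control))
    findings += [(n, "removed", False) for n in sorted(set(base) - set(cur))]
    return findings

if __name__ == "__main__":
    print(audit(BASELINE, CURRENT))
```

In practice the baseline would be captured from a trusted boot and the current text read from `dumpkeys --funcs-only` on a schedule or at login; an entry whose third field is true carries a control character other than ESC and deserves the closest look.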