Linux Kernel – ‘BadIRET’ Local Privilege Escalation

Exploit Database
38 阅读

作者： Ren Kimura

日期： 2017-07-24
类别：
- local
平台：
- linux
来源：https://www.exploit-db.com/exploits/44205/

# CVE-2014-9322 PoC for Linux kernel
CVE-2014-9322 (a.k.a BadIRET) proof of concept for Linux kernel.
This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls.
[Raw Linux Threads via System Calls](http://nullprogram.com/blog/2015/05/15/)

# Usage
```
$ make
```
**badiret.elf** is an ELF executable.
**badiret.bin** is a raw binary that can be used as payload.

# Reference
[Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation)](https://blogs.bromium.com/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/)

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44205.zip

last Exploits
Linux Kernel – ‘BadIRET’ Local Privilege Escalation的更多信息

Winpakpro 4.8 – ‘ScheduleService’ Unquoted Service Path：
Global Registration Service 1.0.0.3 – ‘GREGsvc.exe’ Unquoted Service Path：
Exim 4.84-3 – Local Privilege Escalation：
Procps-ng – Multiple Vulnerabilities：
CoolPlayer 2.18 – DEP Bypass：
PCProtect 4.8.35 – Privilege Escalation：
Bitsmith PS Knowbase 3.2.3 – Local Buffer Overflow：
IBM DB2 – ‘REPEAT()’ Local Heap Buffer Overflow：