/CVE-2018-1000001

glibc getcwd() local privilege escalation compiled binaries


glibc - 'getcwd()' Local Privilege Escalation

Attention: All rights to the exploit writer. I have just compiled and organized a repository for this CVE.

CVE: 2018-1000001
Alias: RationalLove

  • exploit-debian - Exploit compiled on Debian x64
  • exploit-ubuntu - Exploit compiled on Ubuntu x64

Am I vulnerable?

To discover if the machine is vulnerable:

dpkg --list | grep -i libc6

If your libc6 package is:

  • 2.24-11+deb9u1 for Debian Stretch
  • 2.23-0ubuntu9 for Ubuntu Xenial Xerus

Then you're probably vulnerable.

If you are lazy, I developed a shell script to check if your machine is vulnerable.

It is in this repository, and it is named vulncheck.sh. You can use it to determine if the public exploit will work or not based on the libc6 package.
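A minimal form of this check, added here as an example (it is not the repository's vulncheck.sh, whose contents are not shown on this page): it reads `dpkg --list` output, ignores libc6-dev and other entries that `grep -i libc6` also matches, and compares each installed libc6 version against the two versions listed above. The function names and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not the repository's vulncheck.sh.
# libc6 versions the page lists as probably vulnerable.
VULN_VERSIONS="2.24-11+deb9u1 2.23-0ubuntu9"

# Constructed sample of `dpkg --list` output (not captured from a real host).
SAMPLE_STRETCH='ii  libc6:amd64      2.24-11+deb9u1  amd64  GNU C Library: Shared libraries
ii  libc6-dev:amd64  2.24-11+deb9u1  amd64  GNU C Library: Development Libraries
rc  libc6:i386       0.0-sample      i386   GNU C Library: Shared libraries'

# Print the version of every *installed* libc6 package, one per line.
# Reads `dpkg --list` output on stdin. The package name is matched exactly
# (architecture suffix stripped), so libc6-dev, libc6-dbg and removed ("rc")
# entries, which `grep -i libc6` also shows, are ignored.
libc6_versions() {
    awk '$1 ~ /^[a-z]i/ { split($2, p, ":"); if (p[1] == "libc6") print $3 }'
}

# Reads `dpkg --list` output on stdin and prints one verdict per libc6 package.
# Returns 0 if a listed version is installed, 1 if none is, 2 if no libc6
# package was found in the input.
check_libc6() {
    result=2
    for v in $(libc6_versions); do
        if [ "$result" -eq 2 ]; then result=1; fi
        case " $VULN_VERSIONS " in
            *" $v "*) echo "libc6 $v: listed as probably vulnerable"; result=0 ;;
            *)        echo "libc6 $v: not one of the listed versions" ;;
        esac
    done
    return "$result"
}

# On a Debian or Ubuntu host:  dpkg --list | check_libc6
```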

Exploitation

Simply drop the binary into the vulnerable system and execute it to get root.

Remediation

Patch the libc package immediately using apt-get update -y && apt-get upgrade -y