CVE 2018 1000001 Save

glibc getcwd() local privilege escalation compiled binaries

Project README

glibc - 'getcwd()' Local Privilege Escalation

Attention: All rights to the exploit writer. I have just compiled and organized a repository for this CVE.

CVE: 2018-1000001 Alias: RationalLove

exploit-debian - Exploit compiled in debian x64
exploit-ubuntu - Exploit compiled in ubuntu x64

Am I vulnerable?

To discover if the machine is vulnerable:

dpkg --list | grep -i libc6

If your libc6 package is:

2.24-11+deb9u1 for Debian Stretch
2.23-0ubuntu9 for Ubuntu Xenial Xerus

Then you're probably vulnerable.

If you are lazy, I developed a shell script to check if your machine is vulnerable.

It is in this repository, and it is named vulncheck.sh. You can use it to determine if the public exploit will work or not based on the libc6 package.

Exploitation

Simply drop the binary into the vulnerable system and execute it to get root. Exploit

Remediation

It is recommended immediate patch of libc package using apt-get update -y && apt-get upgrade -y

Open Source Agenda is not affiliated with "CVE 2018 1000001" Project. README Source: 0x00-0x00/CVE-2018-1000001

Stars

Open Issues

Last Commit

6 years ago

Repository

0x00-0x00/CVE-2018-1000001

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/cve-2018-1000001"><img src="https://www.opensourceagenda.com/projects/cve-2018-1000001/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022