CVE-2015-8660

Published: 28/12/2015 Updated: 07/06/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 736
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel up to and including 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Vulnerable Product

linux linux kernel

Vendor Advisories

The system could be made to run programs as an administrator ...
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require "msf/core" class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) ...
/** This software is provided by the copyright owner "as is" and any * expressed or implied warranties, including, but not limited to, * the implied warranties of merchantability and fitness for a particular * purpose are disclaimed. In no event shall the copyright owner be * liable for any direct, indirect, incidential, special, exemplary ...
/* just another overlayfs exploit, works on kernels before 2015-12-26 # Exploit Title: overlayfs local root # Date: 2016-01-05 # Exploit Author: rebel # Version: Ubuntu 14.04 LTS, 15.10 and more # Tested on: Ubuntu 14.04 LTS, 15.10 # CVE : CVE-2015-8660 blah@ubuntu:~$ id uid=1001(blah) gid=1001(blah) groups=1001(blah) blah@ubuntu:~$ uname -a &amp ...
Ubuntu 14.04 LTS and 15.10 overlayfs local root exploit ...
This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs ...

Github Repositories

Hi, I'm Nick Welcome to my portfolio! 👨‍💻 Completed Projects: C ls Security Auditing Java AES-GCM Message Sender TCP Socket File Transfer Python Keylogger Penetration Testing Labs Windows 7 Backdoor Windows 7 SSH 👨‍💻 On-going Projects: CVE Research (Completed by Dec '22) CVE-2015-8660

CVE 2015-8660 Research Description This is research I conducted on the CVE 2015-8660 overlayFS vulnerability for my Operating System Security course final research project. The goal of this project was to find a Linux kernel vulnerability from 2012-2022, explain the vulnerability, explain the potential effects, and demonstrate the vulnerability using a crafted exploit. This vul

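This code contains the exploit code for the CVE-2015-8660 vulnerability, along with comments, the source code where the problem occurs, and the patched code

CVE-2015-8660 This code contains the exploit code for the CVE-2015-8660 vulnerability, along with comments, the source code where the problem occurs, and the patched code. For a detailed explanation of the code, see my blog: blog.csdn.net/enjoy5512/article/details/51155798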

Mr Robot Notes on the CTF Recon nmap nmap -A TARGET_IP PORT STATE SERVICE VERSION 22/tcp closed ssh 80/tcp open http Apache httpd |_http-server-header: Apache |_http-title: Site doesn't have a title (text/html) 443/tcp open ssl/http Apache httpd |_http-server-header: Apache |_http-title: Site doesn't have a title (text/html) | ssl-cert: Subject: com