CVE-2014-0038

Published: 06/02/2014 Updated: 09/02/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 711
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel prior to 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Vulnerable Products

linux linux kernel

opensuse opensuse 12.3

Vendor Advisories

The system could be made to crash or run programs as an administrator ...
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter ...

Exploits

/* * Local root exploit for CVE-2014-0038 * * raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c * * Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer * passed from userspace * * Exploit primitive: Pass a pointer to a kernel address as timeout for recvmmsg, * if the original byte at that address ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require "msf/core" class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) ...
/* * PoC trigger for the linux 3.4+ recvmmsg x32 compat bug, based on the manpage * * code.google.com/p/chromium/issues/detail?id=338594 * * $ while true; do echo $RANDOM > /dev/udp/127.0.0.1/1234; sleep 0.25; done */ #define _GNU_SOURCE #include <netinet/ip.h> #include <stdio.h> #include <stdlib.h> #include < ...
/* *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* recvmmsg.c - linux 3.4+ local root (CONFIG_X86_X32=y) CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout->tv_sec is decremented once per second and 0xff*3 is 765 some things yo ...
This Metasploit module attempts to exploit CVE-2014-0038 by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels built in: 3.8.0-19-generic (13.04 default), 3.11.0-12-generic (13.10 default), 3.11.0-15-generic (13.10). This exploit may take up to 13 minutes to run due t ...
Linux 3.4+ local root exploit that spawns a root shell leveraging CONFIG_X86_X32=y ...
Linux 3.4+ arbitrary write exploit for CONFIG_X86_X32 that spawns a root shell ...

Github Repositories

SNP Assignment 1 Report - Linux box exploitation (Vulnerability CVE-2014-0038)

IT19115276 SNP Assignment 1 Report - Linux box exploitation (Vulnerability CVE-2014-0038). I have explained how to exploit this vulnerability, with screenshots.

Linux local root exploit for CVE-2014-0038

Local root exploit for CVE-2014-0038. Bug: The X86_X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a kernel address as timeout for recvmmsg; if the original byte at that address is known it can be overwritten with known data. If the least significant byte is 0xff, waiting 255 seconds will turn it int

All Linux privilege escalation methods are listed in one Markdown file 🦁, i.e. from kernel exploits to cron jobs

📜 Overview: 1. Escalating via Kernel Exploits; 2. Escalation by File Permission & Passwords (old passwords in /etc/security/opasswd, last edited files, in-memory passwords, find sensitive files, weak file permission, readable | writable /etc/shadow); 3. Exploiting SUDO (NOPASSWORD, LD_PRELOAD, DOAS, SUDO INJECT); 4. GTFOBINS; 5. Wildcard; WRITABLE FILES; WRITABLE /etc/passw

CVE research SQL Injection vulnerability exploit.

SNP_CVE_RESEARCH: CVE research SQL Injection vulnerability exploit. CVE Details: CVE-2009-1026. Other CVE Researches: CVE-2014-0038, CVE-2009-0075. Tryhackme Rooms Available: 1- CVE-2009-1026 - tryhackme.com/jr/cve20091026; 2- CVE-2009-0075 - tryhackme.com/jr/cve20090075; 3- CVE-2014-0038 - tryhackme.com/jr/cve20140038. Exploit Videos: 3- mysliit-mysha