CVE-2019-13272

Published: 17/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 740
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In the Linux kernel prior to 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Vulnerable Product

linux linux kernel

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 29

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux for real time 8

netapp aff_a700s_firmware -

netapp h410c_firmware -

netapp h610s_firmware -

netapp steelstore cloud integrated storage -

netapp service processor -

netapp solidfire -

netapp hci management node -

netapp active iq unified manager -

netapp e-series performance analyzer -

netapp hci compute node -

netapp e-series santricity os controller

Vendor Advisories

Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: kernel-rt security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios. For the oldstable distribution (stretch), this problem has been fixed in version 49168-1+deb9u4 For the s ...
Several security issues were fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
Impact: Critical Public Date: 2019-07-16 CWE: CWE-271 Bugzilla: 1730895: CVE-2019-13272 kernel: broken ...

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::Kernel include Msf::Post::Linux::System inclu ...
// Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272) // Uses pkexec technique // --- // Original discovery and exploit author: Jann Horn // - bugs.chromium.org/p/project-zero/issues/detail?id=1903 // --- // <bcoles@gmailcom> // - added known helper paths // - added search for suitable helpers // - added automatic targ ...
== Summary == This bug report describes two issues introduced by commit 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP", introduced in v4.10 but also stable-backported to older versions). I will send a suggested patch in a minute ("ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME"). When called for PTRACE_TRACEME, pt ...
Linux kernel version 5.1.x PTRACE_TRACEME pkexec local privilege escalation exploit ...
Linux kernel versions starting at 410 and below 517 PTRACE_TRACEME local root exploit that uses the pkexec technique ...
This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c misha ...

Github Repositories

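In Linux kernels before 5.1.17, an ordinary user can execute a file to escalate privileges to root

CVE-2019-13272 In Linux kernels before 5.1.17, an ordinary user can execute a file to escalate privileges to root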

Linux 4.10 < 5.1.17 PTRACE_TRACEME local root

CVE-2019-13272 Linux local root exploit Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272) In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child

A group project in Operating System /Linux (CS356 SJTU)

OS-CourseDesign A group project in Operating System /Linux (CS356 SJTU) Introduction: ghostsh is the consolidated script file. The ghost directory holds the LKM-related framework and files; after cd-ing into the ghost directory, running make generates a kernel module with the ko suffix that can be inserted directly into the 415 Linux kernel. aes-target is the target path for AES encryption (default). cpuc is a program that manually occupies CPU resources. pocc is CVE-2

CVE-2019-13272 - Pkexec Local Privilege Escalation ⚠️ For educational and authorized security research purposes only Original Exploit Authors Very grateful to the original PoC author BCOLES Description In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, whi

Privilege-Escalation-CVE-2019-13272- This repository contains a report of Privilege Escalation vulnerability (CVE-2019-13272)

Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538

vulnerability-exploitation Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Havi

Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287

Exploiting-a-Linux-kernel-vulnerability - IT19159140 Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Having learned of this, I chose a different vulnerability

The exploit for CVE-2019-13272

CVE-2019-13272 The exploit for CVE-2019-13272 Vulnerability type: Linux local privilege escalation. Affected scope: Linux kernel versions below 5.1.17. Local test environment: Vulnerability information: bugs.chromium.org/p/project-zero/issues/detail?id=1903

Linux privilege escalation

CVE-2019-13272 Linux local root exploit Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272) In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child

Linux Privilege Escalation techniques & resources

LinuxPrivEsc Linux Privilege Escalation techniques & resources Enumeration system enum user enum network enum password hunting Automated tools linpeas linenum linux exploit suggestor Linuxprivchecker Enumeration We assume that first exploited & have access to the m/c, But the user is non admin now we have to go through the stages of 5 stage methodology

Ksplice-demo ksplice-demo Vagrant box installs Oracle Linux 80 to run a ksplice demo Prerequisites Install Oracle VM VirtualBox on your Host Install Vagrant on your Host Install Git on your host A valid Ksplice Access Key, retrieve it from KSplice Web Site Getting started Preparation before to run demo Clone this repository git clone githubcom/karlhat/Ksplice-demo

POCs can run in some Linux kernel versions

POC-available POCs can run in some Linux kernel versions CVE-2019-11599 PoC kernel version: 462 How to run: gcc -o coredump_helper coredump_helperc sudo /set_helpersh gcc -o dumpme dumpmec /dumpme Result: run the PoC and check the log via dmesg CVE-2019-9213 PoC kernel version: 462 How to run: gcc -o nullmap nullmapc /nullmap Result: CVE-

It is a privilege escalation vulnerability in Linux.

CVE-2019-13272 It is a privilege escalation vulnerability in Linux. It still has not been fixed in most Linux distros. To run the exploit, you only need to have gdb installed. In the releases I will leave gdb binaries for some architectures. I based it on the exploit made by s4vitar, but mine is in Spanish and more

xcoderootsploit X-code Root Sploit v01 Beta 1 Built by Kurniawan - kurniawanajazenfone@gmailcom - xcodecoid - 20 March 2024 An application to help with automatic privilege escalation on Linux targets. With this exploit, an attacker only needs to run the program to automatically obtain root access, as long as the target has a vulnerability that allows privil

Application for automatic privilege escalation on Linux targets

xcoderootsploit Application for automatic privilege escalation on Linux targets. Source: Privilege Escalation on Ubuntu 20042 (also works for Ubuntu 2010 and 2104 targets) - CVE-2021-3490 githubcom/chompie1337/Linux_LPE_eBPF_CVE-2021-3490 Privilege Escalation on Linux Ubuntu 20041 (CVE-2019-13272) githubcom/blasty/CVE-2021-3156 Privilege Escalation

References

CWE-269
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
https://bugzilla.suse.com/show_bug.cgi?id=1140671
https://bugzilla.redhat.com/show_bug.cgi?id=1730895
https://www.debian.org/security/2019/dsa-4484
https://seclists.org/bugtraq/2019/Jul/30
https://seclists.org/bugtraq/2019/Jul/33
https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://security.netapp.com/advisory/ntap-20190806-0001/
https://access.redhat.com/errata/RHSA-2019:2405
https://access.redhat.com/errata/RHSA-2019:2411
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4093-1/
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
https://support.f5.com/csp/article/K91025336
https://usn.ubuntu.com/4117-1/
https://usn.ubuntu.com/4118-1/
https://access.redhat.com/errata/RHSA-2019:2809
http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/47543