CVE-2021-3493

Published: 17/04/2021 Updated: 03/05/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Because Ubuntu kernels combine unprivileged user namespaces with an Ubuntu-carried patch that allows unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

GitHub Repositories

CVE-2021-3493: Ubuntu OverlayFS Local Privesc. Affected Versions: Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM. Description: "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this t

CVE-2021-3493: Ubuntu OverlayFS Local Privesc. Affected Versions: Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM. Usage: `gcc exploit.c -o exploit`, `chmod +x exploit`, `./exploit`. Description: "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with r

OverlayFS CVE-2021-3493. Credits: ssd-disclosure.com/ssd-advisory-overlayfs-pe/

This is a walkthrough for the TryHackMe room Brooklyn Nine Nine. So let's dive into it. Let's scan the machine with rustscan for ports: `rustscan -a IP`. We have 3 ports open: 21 - FTP, 22 - SSH, 80 - HTTP. Time to get the User flag. Let's see if anonymous login is allowed in FTP. Yes, login with anonymous is allowed. Let's see what files are in the folder. We find