Sunday, March 03, 2013

EXPLOIT - CVE-2013-1763 Linux Kernel Local Privilege Escalation

This vulnerability was announced on Feb 24, 2013 by Mathias Krause. However, according to some sources on the internet (Russian forums), it had been discovered more than a year earlier but was not published until Mathias Krause announced it.

The affected Linux kernels are versions 3.0.8 to 3.7.9. The most common Linux distributions, such as Fedora and Ubuntu, are affected. Fedora 16 to 18 with a kernel before 3.7.9-205.fc18 is affected. Ubuntu 12.04 LTS to 12.10 (including 13.04, which is under development at this writing) with a kernel before 3.5.0-25.39 is affected.

Exploit source code is available in the wild for Arch Linux, Fedora and Ubuntu. The available Arch Linux exploit targets the 64-bit version, while the available exploits for Fedora and Ubuntu target 32-bit. In my opinion, exploitation on Ubuntu is harder for script kiddies at the moment.

I made a video of the exploitation of Ubuntu 12.10 with kernel 3.5.0-21 for your reference.

References:

National Vulnerability Database (NVD)
CX Security
SecurityFocus (with exploit source code)
Source code for 64-bit Ubuntu
Source code for 64-bit Fedora
Ubuntu 12.04 LTS Kernel image download
Ubuntu 12.10 Kernel image download

Please note that there are PPAs for Ubuntu kernel images out there and they may not be fixed, not kidding!

Updated on Mar 4, 2013:

I have since learnt that kernel versions 2.6.x are also affected.
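
A version check built from the figures given in this post (the 3.0.8 to 3.7.9 range, the Fedora and Ubuntu fixed builds, and the 2.6.x update), added here as an example and not taken from the original post or any of the referenced sources. The function names are hypothetical, and the thresholds are the post's own claims, not independently confirmed.

```python
import re

# Figures as stated in this post; they are the post's claims, not verified here.
AFFECTED_UPSTREAM = ((3, 0, 8), (3, 7, 9))   # inclusive upstream range
FIXED_BUILD = {
    "fedora": (3, 7, 9, 205),      # 3.7.9-205.fc18
    "ubuntu": (3, 5, 0, 25, 39),   # 3.5.0-25.39
}

def version_tuple(version):
    """Leading numeric fields: '3.7.9-205.fc18.i686' -> (3, 7, 9, 205)."""
    fields = []
    for token in re.split(r"[.\-+~]", version.strip()):
        if not token.isdigit():
            break
        fields.append(int(token))
    return tuple(fields)

def is_affected(version, distro=None):
    """True if the post's figures mark this kernel version as affected.

    version: package version (e.g. from dpkg-query or rpm) or `uname -r` output.
    distro:  'fedora', 'ubuntu', or None to use the upstream range only.
    """
    v = version_tuple(version)
    if len(v) < 2:
        raise ValueError("unrecognised kernel version: %r" % version)
    if v[:2] == (2, 6):                      # per the Mar 4 update
        return True
    fixed = FIXED_BUILD.get(distro)
    if fixed is not None:
        # A shorter tuple sorts first, so '3.5.0-25-generic' (no upload
        # number) is reported as affected: the conservative answer.
        return v < fixed
    low, high = AFFECTED_UPSTREAM
    return low <= v[:3] <= high

if __name__ == "__main__":
    import platform
    release = platform.release()
    print(release, "affected per post:", is_affected(release))
```

On Ubuntu, `uname -r` omits the upload number, so pass the installed package version when a kernel sits exactly at the fixed ABI number.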

That's all! See you.