PageJack in Action: CVE-2022-0995 exploit
Explains how a Linux kernel out-of-bounds bug can be turned into privilege escalation with PageJack.
https://blog.quarkslab.com/pagejack-in-action-cve-2022-0995-exploit.html
The USB Attack: A Tiny Device, A Huge Risk
This vulnerability revolves around a Physical Access Vector (PAV) involving a malicious USB device. The attacker planted a USB stick with malicious firmware into the target computer's USB port, allowing it to execute arbitrary code when connected. The device exploited a flaw in the USB Mass Storage Device (MSC) protocol, enabling it to bypass driver restrictions. The attacker crafted the firmware to mimic a removable drive, which was unrecognized by the operating system and thus evaded antivirus scanning. Upon insertion, the malicious firmware triggered a built-in exploit, taking advantage of a kernel vulnerability to gain system-level access.

The impact of this vulnerability is severe, as it allows unauthorized access, data theft, and malware injection. The researcher earned $5,000 for reporting this critical issue. Proper remediation involves securing USB ports with hardware restrictions and implementing firmware-level whitelisting to prevent unauthorized devices from executing arbitrary code. Key lesson: Physical access can lead to critical security breaches, making it essential to secure USB ports.

#BugBounty #Cybersecurity #PAV #PhysicalAccess #KernelExploit
🪲 Linux Privilege Escalation vulnerability
👉 Buffer overflow vulnerability within the Netfilter subsystem (CVE-2023-0179)
👉 Allows the leakage of both stack & heap addresses and, potentially, a Local Privilege Escalation to root
PoC:
https://github.com/TurtleARM/CVE-2023-0179-PoC
Write-up:
https://www.openwall.com/lists/oss-security/2023/01/13/2
DirtyCred Remastered: how to turn a UAF into Privilege Escalation
Article:
https://exploiter.dev/blog/2022/CVE-2022-2602.html
PoC:
https://github.com/LukeGix/CVE-2022-2602
Credits: @kiks7_7 @LukeGix
#exploitdevelopment #infosec #binaryexploit
#kernelexploit #privilegeescalation #linux
Lessons on Linux kernel exploit development:
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development
https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
#exploitdevelopment #infosec #exploit #exploitation
#kernelexploit #ring0 #privilegeescalation #linux