CVE-2021-3493

Theory

An Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs mounts.

Practice

The target system is likely to be vulnerable if it runs Ubuntu has a kernel version lower than 5.11.

#Get Kernel version
$ uname -r
4.15.0-76-generic

Affected versions are :

Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM

Using this exploit or this one we can abuse CVE-2021-3493

#Compile
gcc exploit.c -o exploit

#Run it
./exploit

If the target doesn't have gcc installed, you may need to recreate a similar virtual environement to compile the exploit.

Ressources

SSD Advisory – OverlayFS PE - SSD Secure DisclosureSSD Secure Disclosure

TryHackMe | OverlayFS - CVE-2021-3493TryHackMe

Last updated 8 months ago