Ubuntu overlayfs privilege elevation

Added: 06/26/2015
CVE: CVE-2015-1328
BID: 75206

Background

Overlayfs is a type of file system for Linux which implements a union mount.

Problem

In Ubuntu, overlayfs fails to correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged user to write arbitrary files, leading to command execution with root privileges.

Resolution

Apply one of the fixes from Ubuntu.

References

http://seclists.org/oss-sec/2015/q2/717

Limitations

Exploit works in Ubuntu 12.04, 14.04, 14.10, and 15.04. The kernel must have CONFIG_USER_NS=y and overlayfs must have the FS_USERNS_MOUNT flag in order for the exploit to succeed. gcc must be installed on the target.

Platforms

Linux

Back to exploit index