CVE-2009-1527

Linux Kernel < 2.6.30-rc4 - Privilege Escalation via PTRACE_ATTACH Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1527. PoCs published by s0m3b0dy.

AI-analyzed exploit summary This exploit leverages a ptrace_attach vulnerability (CVE-2009-1527) to inject shellcode into a SUID binary (gpasswd) for local privilege escalation. It writes a SUID root shell to /tmp/.exp and executes it.

Description

Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.

Exploits (1)

exploitdb WORKING POC VERIFIED

by s0m3b0dy · clocallinux

https://www.exploit-db.com/exploits/8673

View Code ZIP pw:eip

This exploit leverages a ptrace_attach vulnerability (CVE-2009-1527) to inject shellcode into a SUID binary (gpasswd) for local privilege escalation. It writes a SUID root shell to /tmp/.exp and executes it.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 2.6.29rc1 (and possibly others)

No auth needed

Prerequisites: Local access to a vulnerable Linux system · Presence of a SUID binary like gpasswd

MITRE ATT&CK