CVE-2010-1146

Linux kernel <2.6.33.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1146. PoCs published by Jon Oberheide.

AI-analyzed exploit summary This exploit leverages a Linux Kernel ReiserFS xattr privilege escalation vulnerability (CVE-2010-1146) by manipulating extended attributes to grant capabilities to a compiled binary, resulting in a root shell.

Description

The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Oberheide · pythonlocallinux

https://www.exploit-db.com/exploits/12130

View Code ZIP pw:eip

This exploit leverages a Linux Kernel ReiserFS xattr privilege escalation vulnerability (CVE-2010-1146) by manipulating extended attributes to grant capabilities to a compiled binary, resulting in a root shell.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel <= 2.6.34-rc3 with ReiserFS and user_xattr

No auth needed

Prerequisites: ReiserFS filesystem mounted with user_xattr option · gcc and setfattr tools available

MITRE ATT&CK