CVE-2013-1959

Linux Kernel < 3.8.9 - Privilege Escalation via uid_map and gid_map File Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1959. PoCs published by Andrew Lutomirski.

AI-analyzed exploit summary This exploit leverages a user namespace vulnerability (CVE-2013-1959) to gain root privileges by manipulating `/proc/[pid]/uid_map` and executing a command with elevated permissions. It uses `unshare(CLONE_NEWUSER)` and futex synchronization to achieve privilege escalation.

Description

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

Exploits (1)

exploitdb WORKING POC

by Andrew Lutomirski · clocallinux

https://www.exploit-db.com/exploits/25450

View Code ZIP pw:eip

This exploit leverages a user namespace vulnerability (CVE-2013-1959) to gain root privileges by manipulating `/proc/[pid]/uid_map` and executing a command with elevated permissions. It uses `unshare(CLONE_NEWUSER)` and futex synchronization to achieve privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel versions before 3.8.9 (user namespace handling)

No auth needed

Prerequisites: Linux kernel with vulnerable user namespace implementation · Ability to execute code on the target system

MITRE ATT&CK