CVE-2015-1328

This Metasploit module exploits CVE-2015-1328 and CVE-2015-8660, both related to overlayfs privilege escalation vulnerabilities in specific Ubuntu kernel versions. It checks for vulnerable kernels, compiles or drops an exploit binary, and executes it to gain elevated privileges.

This exploit leverages a flaw in overlayfs where file permissions are not correctly checked during copy-up operations, allowing an unprivileged user to escalate privileges by manipulating files in the upper filesystem directory. The provided example demonstrates creating a world-writable /etc/ld.so.preload file to achieve root access.

This exploit leverages CVE-2015-1328 to achieve local privilege escalation on Ubuntu systems by manipulating overlayfs mount permissions and injecting a malicious shared library via /etc/ld.so.preload. It spawns threads to create namespaces and mount overlayfs in a way that allows writing to restricted files.

This is a working local privilege escalation exploit for CVE-2015-1328, targeting Ubuntu systems with kernels before 2015-06-15. It leverages overlayfs incorrect permission handling to gain root access by manipulating /etc/ld.so.preload.

This is a functional privilege escalation PoC for CVE-2015-1328, exploiting overlayfs and user namespaces to gain root access via LD_PRELOAD manipulation. The exploit creates isolated namespaces, mounts overlayfs, and injects a malicious shared library to hijack getuid() and spawn a root shell.

This repository is a writeup and documentation for a CTF VM (RootQuest) that includes a multi-stage exploitation path, with one stage involving the use of CVE-2015-1328 (OverlayFS) for privilege escalation. It does not contain exploit code but describes the process and provides links to external resources.

This exploit leverages CVE-2015-1328, a vulnerability in overlayfs on Ubuntu kernels before 2015-06-15, to achieve local privilege escalation by manipulating mount namespaces and creating a malicious shared library loaded via /etc/ld.so.preload.

This exploit leverages CVE-2015-1328, a vulnerability in the Linux kernel's overlayfs implementation, to achieve local privilege escalation (LPE) by manipulating mount namespaces and preloading a malicious shared library. The PoC creates a fake /etc/ld.so.preload file and injects a library that spawns a root shell when /bin/su is executed.

This Metasploit module exploits CVE-2015-1328 and CVE-2015-8660, both privilege escalation vulnerabilities in the Linux kernel's overlayfs implementation. It checks for vulnerable kernel versions, compiles or drops the exploit binary, and executes it to gain root privileges.