CVE-2015-3643

HIGH

usb-creator <0.2.38.3ubuntu0.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3643. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary: This exploit leverages a D-Bus interface vulnerability in usb-creator to achieve local privilege escalation by injecting a malicious shared library via LD_PRELOAD, resulting in a setuid root shell.

Description

usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call to check_polkit for the KVMTest method.

Exploits (1)

exploitdb WORKING POC
by Tavis Ormandy · text · local · linux
https://www.exploit-db.com/exploits/36820

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: usb-creator (Ubuntu versions: Precise 0.2.38.3ubuntu, Trusty 0.2.56.3ubuntu, Utopic 0.2.62ubuntu0.2)
No auth needed
Prerequisites: Local access to the system · D-Bus access to com.ubuntu.USBCreator · Ability to write to /tmp
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/usn/usn-2576-2/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36820/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/04/3
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/usn/usn-2576-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74304
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/04/22/12

Scores

CVSS v3 7.8
EPSS 0.0153
EPSS Percentile 71.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status published
Products (1)
usb-creator_project/usb-creator < 0.2.38.3
Published Sep 28, 2017
Tracked Since Feb 18, 2026