CVE-2016-1576

HIGH

Linux kernel <4.5.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1576. PoCs published by halfdog.

AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in Ubuntu Wily by mounting a FUSE filesystem with a SUID binary, then using overlayfs to trigger a copy_up operation that creates a real SUID binary. The PoC includes custom C programs to demonstrate the attack chain.

Description

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Exploits (1)

exploitdb WORKING POC
by halfdog · text · local · linux
https://www.exploit-db.com/exploits/41763

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Ubuntu Wily with overlayfs and FUSE
No auth needed
Prerequisites: User namespace access · FUSE mount capabilities · Overlayfs support
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/bugs/1535150
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/24/8
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/10/18/1

Scores

CVSS v3 7.8
EPSS 0.0106
EPSS Percentile 60.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (8)
canonical/ubuntu_core 15.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 16.10
canonical/ubuntu_touch 15.04
linux/linux_kernel < 4.5.2
Published May 02, 2016
Tracked Since Feb 18, 2026