CVE-2016-3135
HIGH
Linux Kernel < 4.4.21 - Local Privilege Escalation via xt_alloc_table_info Integer Overflow
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-3135.
AI-analyzed exploit summary
The exploit demonstrates a memory corruption vulnerability in the netfilter code (iptables) via the IPT_SO_SET_REPLACE setsockopt operation, allowing an unprivileged user to perform an out-of-bounds write in kernel memory. The PoC triggers the corruption by manipulating the next_offset field in a user-supplied ipt_entry structure.
Description
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
References (12)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H