CVE-2018-18955

This Metasploit module exploits CVE-2018-18955, a Linux kernel vulnerability in nested user namespaces, allowing local privilege escalation to root. It leverages broken uid/gid mappings and requires unprivileged user namespaces and the uidmap package to be installed.

This exploit leverages a flaw in the Linux kernel's user namespace implementation (CVE-2018-18955) where incorrect ID mapping allows bypassing DAC controls. The PoC demonstrates reading /etc/shadow by creating nested user namespaces with specific UID mappings.

This exploit leverages CVE-2018-18955, a local privilege escalation vulnerability in polkit, to gain root access by manipulating user namespace mappings and abusing pkexec. It compiles helper binaries, creates a malicious polkit policy, and escalates privileges via SUID manipulation.

This exploit leverages CVE-2018-18955, a privilege escalation vulnerability in the Linux kernel's user namespace implementation. It uses D-Bus to execute a service as root, creating a SUID root shell at /tmp/sh.

This exploit leverages CVE-2018-18955, a privilege escalation vulnerability in the Linux kernel's user namespace implementation. It uses the ld.so.preload technique to inject a malicious library, ultimately granting root access via a setuid binary.

This exploit leverages CVE-2018-18955, a privilege escalation vulnerability in the Linux kernel's user namespace implementation. It uses a cron job to execute a payload that sets the SUID bit on a binary, granting root access.

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2018-18955, targeting Linux kernels 4.15.x through 4.19.x before 4.19.2. The exploit leverages mishandled nested user namespaces to escalate privileges to root via multiple techniques (bash_completion, cron, dbus, etc.).

This Metasploit module exploits CVE-2018-18955, a Linux kernel vulnerability in nested user namespaces, allowing local privilege escalation to root. It leverages broken uid/gid mappings in kernels 4.15.0 to 4.18.18 and 4.19.0 to 4.19.1.