CVE-2021-3899
HIGHapport < 2.21.0 - Time-of-check Time-of-use Race Condition
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-3899. PoCs published by liumuqing.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-3899, leveraging a PID reuse race condition in Apport to achieve local privilege escalation (LPE) by dropping a malicious logrotate configuration file. The exploit involves crashing a process, reoccupying its PID with a root-owned process, and triggering logrotate to execute arbitrary commands as root.
Description
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
Exploits (1)
This repository contains a functional exploit for CVE-2021-3899, leveraging a PID reuse race condition in Apport to achieve local privilege escalation (LPE) by dropping a malicious logrotate configuration file. The exploit involves crashing a process, reoccupying its PID with a root-owned process, and triggering logrotate to execute arbitrary commands as root.
References (3)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H