Main
Vulnerability Database
Exploits
ID:6355 - Exploit for Privilege escalation in Linux kernel - CVE-2018-1000001
ID:6355 - Exploit for Privilege escalation in Linux kernel - CVE-2018-1000001
Published: June 17, 2021
Vulnerability identifier: #VU9992
Vulnerability risk: Low
CVE-ID: CVE-2018-1000001
CWE-ID: CWE-124
Exploitation vector: Local access
Vulnerable software:
Linux kernel
Linux kernel
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in due to a change in the processing of pathnames in the getcwd() command introduced in Linux kernel. A local attacker can use a specially crafted application, trigger buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in due to a change in the processing of pathnames in the getcwd() command introduced in Linux kernel. A local attacker can use a specially crafted application, trigger buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.