Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-3493

Description

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

POC

Reference

- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html

- http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html

- http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html

- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0xMarcio/cve

- https://github.com/0xMat10/eJPT_Prep

- https://github.com/0xWhoami35/root-kernel

- https://github.com/0xabdoulaye/CTFs-Journey

- https://github.com/0xfke/500-free-TryHackMe-rooms

- https://github.com/0xkarthi/Tryhackme-Roadmap

- https://github.com/0xneobyte/TryHackMe-Learning-Path-From-Beginner-to-Expert

- https://github.com/0xsyr0/OSCP

- https://github.com/20142995/sectool

- https://github.com/5thphlame/Free-Rooms-TryHackMe

- https://github.com/7imbitz/XCalate

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARESHAmohanad/THM

- https://github.com/ARESHAmohanad/tryhackme

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Abdennour-py/CVE-2021-3493

- https://github.com/Abdulaziz-AlZabin/IEEE_Questions

- https://github.com/Aijoo100/Aijoo100

- https://github.com/Al1ex/LinuxEelvation

- https://github.com/AmIAHuman/OverlayFS-CVE-2021-3493

- https://github.com/Andromeda254/cve

- https://github.com/Anekant-Singhai/Exploits

- https://github.com/AnonymousCTF/TryHackMe-Roadmap

- https://github.com/ArrestX/--POC

- https://github.com/Awrrays/Pentest-Tips

- https://github.com/BEPb/tryhackme

- https://github.com/BG3Z/eJPTv2-Notes

- https://github.com/Bhagat-CyberWala/TryHackMe-Free-Roadmap

- https://github.com/ButchBytes-sec/TryHackMe

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/CybVulnHunter/TryhackME_Rooms

- https://github.com/Desofori/Tryhackme-RoadMap

- https://github.com/Dh4v4l8/TRYHACKME-ROOMS

- https://github.com/EdgeSecurityTeam/Vulnerability

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/GhostTroops/TOP

- https://github.com/GibzB/THM-Captured-Rooms

- https://github.com/H0j3n/EzpzCheatSheet

- https://github.com/H4niz/oscp-note

- https://github.com/HK4040/ssh_bootcamp

- https://github.com/HaxorSecInfec/autoroot.sh

- https://github.com/Hunterdii/TryHackMe-Roadmap

- https://github.com/Hunterdii/tryhackme-free-rooms

- https://github.com/Ishan3011/CVE-2021-3493

- https://github.com/JERRY123S/all-poc

- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/KerFew/TryHackMeFreePath

- https://github.com/Mangesh-Bhattacharya/TryHackMe-Roadmap

- https://github.com/Metarget/metarget

- https://github.com/MinLouisCyber/500-free-TryHackMe-rooms

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Mohammed-Hafeez-99/THM-checklist

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/N1NJ10/eJPT_Prep

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/Ossito/pentest-notes

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Pelies91/audit-securite-wiki

- https://github.com/Pratham-verma/TryHackMe-Roadmap

- https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/Ruhanyat-994/Ruhanyat-994

- https://github.com/SYRTI/POC_to_review

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/Senz4wa/CVE-2021-3493

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shayanschakravarthy/tryhackme-free-rooms

- https://github.com/Shinbatsu/awesome-tryhackme

- https://github.com/Shinbatsu/tryhackme-awesome

- https://github.com/SinMaven/BugSauce

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Sornphut/OverlayFS---CVE-2021-3493

- https://github.com/SpriteCT/TryHackMe

- https://github.com/SrcVme50/Analytics

- https://github.com/SrcVme50/Hospital

- https://github.com/SrishtiCode/Tryhackme

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Tom-Riddle-4/IEEE_Questions

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Valay-2004/THM-Learning-PATH-Beginner-to-Expert-

- https://github.com/VishuGahlyan/OSCP

- https://github.com/WhooAmii/POC_to_review

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

- https://github.com/abylinjohnson/linux-kernel-exploits

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/anquanscan/sec-tools

- https://github.com/azazhe1/Ransomware_CVE_2021_3493

- https://github.com/balajiuk14/tryhackmelearningpath

- https://github.com/beruangsalju/LocalPrivelegeEscalation

- https://github.com/beruangsalju/LocalPrivilegeEscalation

- https://github.com/beycanyildiz/TryHackMeRoadmap

- https://github.com/bhagat8920/TryHackMe-Free-Roadmap

- https://github.com/boniyeamincse/tryhackmefreeroom

- https://github.com/briskets/CVE-2021-3493

- https://github.com/cerodah/overlayFS-CVE-2021-3493

- https://github.com/chandanmallick19/TryHackMe

- https://github.com/ctrsploit/ctrsploit

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/dasarivarunreddy/Tryhackme-RoadMap

- https://github.com/dasarivarunreddy/free-rooms-tryhackme

- https://github.com/derek-turing/CVE-2021-3493

- https://github.com/edwinantony1995/Tryhackme

- https://github.com/exfilt/CheatSheet

- https://github.com/fathallah17/OverlayFS-CVE-2021-3493

- https://github.com/fazilbaig1/oscp

- https://github.com/fei9747/CVE-2021-3493

- https://github.com/fei9747/LinuxEelvation

- https://github.com/gglessner/Rocky

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/iamz24/CVE-2021-3493_CVE-2022-3357

- https://github.com/imsalimansari/Try-Hack-Me-Roadmap

- https://github.com/inspiringz/CVE-2021-3493

- https://github.com/ishowcybersecurity/TryHackMe-Beginner-Roadmap

- https://github.com/jaspreet-infosec/TryHackMe-Roadmap

- https://github.com/jbmihoub/all-poc

- https://github.com/jenriquezv/OSCP-Cheat-Sheets

- https://github.com/jitmondal1/OSCP

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/k46th1/Tryhackme-Roadmap

- https://github.com/k4r7h1kn/Tryhackme-Roadmap

- https://github.com/k4r7hx/Tryhackme-Roadmap

- https://github.com/kdn111/linux-kernel-exploitation

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/khanhdn111/linux-kernel-exploitation

- https://github.com/khanhdz-06/linux-kernel-exploitation

- https://github.com/khanhdz191/linux-kernel-exploitation

- https://github.com/khanhhdz/linux-kernel-exploitation

- https://github.com/khanhhdz06/linux-kernel-exploitation

- https://github.com/khanhnd123/linux-kernel-exploitation

- https://github.com/khnhdz/linux-kernel-exploitation

- https://github.com/knd06/linux-kernel-exploitation

- https://github.com/krazystar55/tryhackme

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/loicoddon/TP_be_root

- https://github.com/makoto56/penetration-suite-toolkit

- https://github.com/manas3c/CVE-POC

- https://github.com/massco99/Analytics-htb-Rce

- https://github.com/migueltc13/KoTH-Tools

- https://github.com/n0-traces/cve_monitor

- https://github.com/n1njasec/information-security-modules

- https://github.com/nanasarpong024/tryhackme

- https://github.com/ndk06/linux-kernel-exploitation

- https://github.com/ndk191/linux-kernel-exploitation

- https://github.com/nenandjabhata/CTFs-Journey

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/ochysbliss/My-Tryhackme-

- https://github.com/omaradds1/THM

- https://github.com/oneoy/CVE-2021-3493

- https://github.com/oscpname/OSCP_cheat

- https://github.com/pakkiraja/TryHackMe_Modules

- https://github.com/parth45/cheatsheet

- https://github.com/pentestfunctions/thm-room-points

- https://github.com/phil-fly/poc

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/pmihsan/OverlayFS-CVE-2021-3493

- https://github.com/ptkhai15/OverlayFS---CVE-2021-3493

- https://github.com/puckiestyle/CVE-2021-3493

- https://github.com/reptile0bug/Tryhackme-RoadMap

- https://github.com/revanmalang/OSCP

- https://github.com/rishabatra1802/TryHackMe_FreeRooms

- https://github.com/rng70/TryHackMe-Roadmap

- https://github.com/sengpakrenha/tryhackeme

- https://github.com/smallkill/CVE-2021-3493

- https://github.com/soosmile/POC

- https://github.com/spideyctf/UbuntuTouchSecurityVAPTReport

- https://github.com/ssr-111/linux-kernel-exploitation

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/tharushkadinujaya05/TryHackMe-Learning-Path-From-Beginner-to-Expert

- https://github.com/thebugbounter/TryHackMe-Roadmap

- https://github.com/thesakibrahman/THM-Free-Room

- https://github.com/thmrevenant/tryhackme

- https://github.com/timb-machine/linux-malware

- https://github.com/tourvan/penetration-testing-report

- https://github.com/trhacknon/Pocingit

- https://github.com/txuswashere/OSCP

- https://github.com/tzwlhack/Vulnerability

- https://github.com/uttambodara/TryHackMeRoadmap

- https://github.com/vlain1337/auto-lpe

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoforget/CVE-POC

- https://github.com/wkhnh06/linux-kernel-exploitation

- https://github.com/xAKSx/TryHackMe

- https://github.com/xairy/linux-kernel-exploitation

- https://github.com/xhref/OSCP

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zulloper/cve-poc