Name | show_timer_leak |
CVE | CVE-2017-18344 |
Exploit Pack | CANVAS |
Description | show_timer_leak |
Notes | CVE Name: CVE-2017-18344. NOTES: This module gives an unprivileged user the ability to dump a file from kernel memory. A common scenario is to dump /etc/shadow or Kerberos tickets. Note: For Fedora, the attack is targetless, while for Ubuntu / CentOS and others you will need specific offsets compiled within the binary itself. Caveats: 1. Attacking VMware, vbox or bare metal is absolutely the same, performance-wise. 2. Some targets are still not supported. 3. Not all filesystems are handled. In particular, tmpfs or XFS files cannot be leaked. 4. With this version you can only dump files fitting within a single page (<= 4096 bytes). 5. SMAP mitigates this vulnerability. About (possible) future versions: A completely targetless version (not exclusive to Fedora) may be written later. VersionsAffected: CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18344 Repeatability: Infinite |