CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability

https://notcve.org/view.php?id=CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). • https://www.exploit-db.com/exploits/47133 https://www.exploit-db.com/exploits/47163 https://www.exploit-db.com/exploits/50541 https://www.exploit-db.com/exploits/47543 https://github.com/jas502n/CVE-2019-13272 https://github.com/Cyc1eC/CVE-2019-13272 https://github.com/oneoy/CVE-2019-13272 https://github.com/polosec/CVE-2019-13272 https://github.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation https://github.com/datntsec/CVE-2019-13272 https://github • CWE-271: Privilege Dropping / Lowering Errors •