{"id":622,"date":"2020-11-25T06:36:33","date_gmt":"2020-11-24T22:36:33","guid":{"rendered":"https:\/\/byy3.com\/?p=622"},"modified":"2021-01-09T10:14:00","modified_gmt":"2021-01-09T02:14:00","slug":"%e5%90%8e%e6%b8%97%e9%80%8f%e6%9c%80%e6%96%b0linux%e6%8f%90%e6%9d%83root%ef%bc%8ccve-2019-15666-xfrm_uaf%e5%bd%b1%e5%93%8d%e5%a4%a7%e9%83%a8%e5%88%86%e7%89%88%e6%9c%aclinux%e5%86%85%e6%a0%b8","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=622","title":{"rendered":"\u540e\u6e17\u900f\u6700\u65b0Linux\u63d0\u6743root\uff0c[CVE-2019-15666] XFRM_UAF\u5f71\u54cd\u5927\u90e8\u5206\u7248\u672clinux\u5185\u6838"},"content":{"rendered":"<p>\u540e\u6e17\u900f\u6700\u65b0Linux\u63d0\u6743root\uff0c[CVE-2019-15666] XFRM_UAF\u5f71\u54cd\u5927\u90e8\u5206\u7248\u672clinux\u5185\u6838<\/p>\n<p>\u4f7f\u7528\u811a\u672chttps:\/\/github.com\/h4ckg3h2y1\/linux-exploit-suggester \u6536\u96c6\u5230\u672c\u7cfb\u7edflinux\u5185\u68384.19.112+\u6f0f\u6d1e<\/p>\n<p>\u6709[CVE-2019-15666] XFRM_UAF<\/p>\n<p>\u82f1\u6587\u53c2\u8003\u6587\u6863https:\/\/duasynt.com\/blog\/ubuntu-centos-redhat-privesc<\/p>\n<p>\u4e8e\u662f\u4e4e<\/p>\n<h3 class=\"break-all\">CVE-2019-15666 xfrm_policy \u63d0\u6743\u6f0f\u6d1e<\/h3>\n<p>\u8fd9\u4e2a\u6f0f\u6d1e\u6bd4\u8f83\u5f3a\uff0c\u5b98\u65b9\u8bf4\u660e\u6f0f\u6d1e\u53ea\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u4f46\u5b9e\u9645\u4e0a\u5229\u7528\u5f97\u5f53\u53ef\u4ee5\u5b9e\u73b0\u63d0\u6743\u3002\u5f71\u54cd\u8303\u56f43.x-5.x\u3002<\/p>\n<section>\u6f0f\u6d1e\u6210\u56e0\uff0c\u6570\u7ec4\u8d8a\u754c\u3002\u9700\u8981\u9700\u8981\u63d2\u5165\u7528\u6237\u5b9a\u4e49\u7684 index timer set\u3002<\/section>\n<section>\nXFRM_MSG_NEWSA\u8bf7\u6c42\u7684\u8def\u52b2\u6dfb\u52a0policy\u3002<\/section>\n<section>\u00a0<\/section>\n<section>\u6dfb\u52a0policy\u9700\u8981\u901a\u8fc7verify_newpolicy_info\u7684\u8ba4\u8bc1\u3002\u4f46\u6f0f\u6d1e\u7248\u672c\u8ba4\u8bc1\u7f3a\u9677\u3002<br \/>\n<em>https:\/\/duasynt.com\/blog\/ubuntu-centos-redhat-privesc<\/em><\/section>\n<section><\/section>\n<section>\u5f62\u6210\u7f13\u5b58\u6ea2\u51faUAF\u00a0\u00a0<\/section>\n<p>.\/linux-exploit-suggester.sh<\/p>\n<p>\u4e8e\u662f\u4e4e https:\/\/github.com\/h4ckg3h2y1\/xfrm_poc\u00a0 \u627e\u5230\u5f00\u6e90\u7684\u811a\u672c\uff01<\/p>\n<p>cd xfrm_poc\u76ee\u5f55\u4e0b .\/lucky0\u00a0 \u00a0\u9760\u8fd0\u6c14\uff0c\u6ca1\u6210\u529f\u7ee7\u7eed\u547d\u4ee4\u5faa\u73afwhile :; do .\/lucky0 -q &amp;&amp; break; done<\/p>\n<p>\u8fd0\u6c14\u597d\u7684\u8bdd\u5c31bypass\u4e86\uff01<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-623\" data-original=\"https:\/\/byy3.com\/wp-content\/uploads\/2020\/11\/2020112422362755.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1399\" height=\"505\" title=\"\u540e\u6e17\u900f\u6700\u65b0Linux\u63d0\u6743root\uff0c[CVE-2019-15666] XFRM_UAF\u5f71\u54cd\u5927\u90e8\u5206\u7248\u672clinux\u5185\u6838\u63d2\u56fe\" alt=\"\u540e\u6e17\u900f\u6700\u65b0Linux\u63d0\u6743root\uff0c[CVE-2019-15666] XFRM_UAF\u5f71\u54cd\u5927\u90e8\u5206\u7248\u672clinux\u5185\u6838\u63d2\u56fe\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u540e\u6e17\u900f\u6700\u65b0Linux\u63d0\u6743root\uff0c[CVE-2019-15666] XFRM_UAF\u5f71\u54cd\u5927\u90e8\u5206\u7248\u672clinux\u5185 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,1],"tags":[150,26,147,353,146,149,148,151],"class_list":["post-622","post","type-post","status-publish","format-standard","hentry","category-linux","category-net-security","tag-cve-2019-15666","tag-linux","tag-linux-root","tag-root","tag-xfrm_uaf"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=622"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/622\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}