This module exploits an incorrect in-place operation vulnerability in the Linux kernel's algif_aead cryptographic algorithm interface, abusing the authencesn AEAD wrapper to deploy a network agent. The vulnerability allows the kernel's cached pages of a given SUID file to be overwritten. The module uploads a trigger binary for the vulnerability to the temporary directory given in the TMP_DIR parameter; if no value is provided, the module uses "/tmp" as the default. The SUID binary given in the TARGET_SUID_BINARY parameter is used for the attack; if no value is provided, the module uses "/usr/bin/su" as the default. Once the attack completes, a new Core Impact agent running with root privileges is deployed on the target system. Finally, the module uses the "sysctl" command to restore the page cache.