The nfds (number of file descriptors) argument to the select() system call is a signed integer. Bounds checking code in the kernel evaluates this argument in a signed context. By passing negative arguments it is possible to cause the kernel to copy a large amount of data from userspace into a buffer on the stack, overflowing the allocated space. This module exploits the vulnerability to lower the system security level to -1 and launches an agent with root privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name