CVEs-PoC/2014/CVE-2014-0181.md

CVE-2014-0181

Description

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

POC

Reference

• http://www.openwall.com/lists/oss-security/2023/04/16/3
• http://www.openwall.com/lists/oss-security/2023/04/16/3

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/lrh2000/CVE-2023-2002