Attention: All rights to the exploit writer. I have just compiled and organized a repository for this CVE.
CVE: 2018-1000001 Alias: RationalLove
- exploit-debian - Exploit compiled in debian x64
- exploit-ubuntu - Exploit compiled in ubuntu x64
To discover if the machine is vulnerable:
dpkg --list | grep -i libc6If your libc6 package is:
- 2.24-11+deb9u1 for Debian Stretch
- 2.23-0ubuntu9 for Ubuntu Xenial Xerus
Then you're probably vulnerable.
If you are lazy, I developed a shell script to check if your machine is vulnerable.
It is in this repository, and it is named vulncheck.sh. You can use it to determine if the public exploit will work or not based on the libc6 package.
Simply drop the binary into the vulnerable system and execute it to get root.
It is recommended immediate patch of libc package using apt-get update -y && apt-get upgrade -y