Hacks and Incidents

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis: In this article we will analyze the exploit released by Kacper Szczesniak for CVE -2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array sock_diag_handlers, and allows a local user to gain privileges of “root” on the system. Before starting the analysis, however, the underlying concept should be clarified: in Linux systems, the user and kernel memory are implemented in different and independent address spaces, also these address spaces are virtualized and then mapped into physical memory using the page tables. In particular, if we assume to have a 32-bit Linux system, we will have 4GB of addresses available, of these 3GB are made ​​available to the user memory and 1GB is left for the memory kernel, then the user will be assigned memory addresses ranging 0×00000000 to 0xBFFFFFFF, while the kernel memory addresses ranges from 0xC0000000 through 0xFFFFFFFF.