Tested exploit/linux/local/runc_cwd_priv_esc on Arch Linux to extend access with the Docker runc exploit.
Running Linux runc version 1.1.4, the exploit did not complete with success.
The exploit claims this system should have been vulnerable, but actual execution on the host shows the exploit did not complete with success on Arch Linux. The documentation on the exploit should be updated to document this; it is either a bug, or Arch Linux is not vulnerable to this exploit, or the documentation is insufficient to correctly replicate the vulnerability.
Arch Linux is not directly supported (or tested) by the module (although it may still work). https://security.archlinux.org/issues/vulnerable does not list CVE-2024-21626 (although there's nothing from 2024, so likely the list isn't kept up to date).
Do you have any more information about what version of the runc package was tested and on what version of Arch? What was the output of the module? What FILEDESCRIPTOR numbers were attempted? Are you sure the system is vulnerable?
There is an issue template for bugs; I would suggest following that, as I'd like more information before expanding the module.
Arch Linux uses rolling updates and does not have versions. The system was updated using pacman as of the date I reported, except runc, which used the version specified. The runc version used should have made the system vulnerable, as stated in the exploit description.
Git link to exploit code tested https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/runc_cwd_priv_esc.rb