Share
## https://sploitus.com/exploit?id=8D354414-CE1D-53A4-B897-AA7576AD30CC
# CVE-2023-4911

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

Proof-of-Concept

Developed for:

- Ubuntu 22.04
- Ubuntu GLIBC 2.35-0ubuntu3.1
- su from util-linux 2.37.2
- ASLR ON

Dockerfile included.

## Debug

Disable ASLR

```
$ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
```

Compile with `NO_ASLR`

```
$ python3 patch.py
$ gcc poc.c -o poc_debug -DNO_ASLR
```

Run gdbscript

```
gdb -ix gdbscript
```

## Build

```
$ python3 patch.py
$ gcc poc.c -o poc
```

## Usage

```
./poc; while [ $? -ne 0 ]; do ./poc; done
```