CVSS3: 5.6 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.976 High
Percentile: 100.0%

Name | spectre_file_leak |
---|---|
CVE | CVE-2017-5753 Exploit Pack |

Notes:

This module gives an unprivileged user the ability to dump a file from kernel memory. A common scenario is to dump /etc/shadow or Kerberos tickets.

Note: For Fedora, the attack is targetless, while for Ubuntu, CentOS and others you will need specific offsets compiled within the binary itself.

Caveats:
1. Attacking VMware is slower; VirtualBox, while doable, is insanely slower.
2. On VMware the KASLR bypass may sometimes fail; this is a work in progress.
3. The more recent the processor, the faster the attack.
4. Not all filesystems are handled. In particular, tmpfs files cannot be leaked.
5. The attack may not work at all on some specific kernels.
6. The attack may not work at all on some hardware.
7. With this version you can only dump files fitting within a single page (<= 4096 bytes).

About (possible) future versions:
--------------------------------
a) A cache may be implemented to speed up attempts.
b) A completely targetless version (not exclusive to Fedora) may be written later.

CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753