Automatically exploiting system of kernel privilege escalation vulnerabilities based on imitating attack

doi:10.7523/j.issn.2095-6134.2015.03.014

Abstract

Abstract:

This paper focuses on the Linux kernel-level privilege escalation vulnerabilities. Based on vulnerability detection thoughts of imitating attack, we design and develop an automated privilege escalation vulnerabilities exploiting system KernelPET. It reveals the typical process of exploiting privilege escalation vulnerabilities, and provides support to vulnerabilities defense. KernelPET is developed with today's mainstream vulnerability databases: exploit-db, securityfocus, etc. We test nearly one hundred of privilege escalation vulnerabilities by simulated attack, select 30 classic Linux kernel privilege escalation vulnerabilities, and load them into KernelPET exploiting code libraries. The system is tested on different cores and releases of the Linux platform. Experimental results show that KernelPET runs in multi-class releases of Linux system with good results.

Key words: Linux kernel, privilege escalation vulnerabilities, exploits, system security

CLC Number:

TP393

LI Xiaoqi, LIU Qixu, ZHANG Yuqing. Automatically exploiting system of kernel privilege escalation vulnerabilities based on imitating attack[J]. , 2015, 32(3): 384-390.

References

[1] 刘奇旭,张玉清,宫亚峰,等.安全漏洞标识与描述规范的研究[J].信息网络安全,2011,7:4-6.

[2] 绿盟公司.绿盟漏洞威胁态势报告[R],北京:绿盟科技,2013[2014-07-23].http://www.nsfocus.com.cn/4_research/4_6.html.

[3] Chen H G,Mao Y D,Wang X,et al.Linux kernel vulnerabilities:State-of-the-art defenses and open problems[C].Proceedings of the Second Asia-Pacific Workshop on Systems,ACM,2011.

[4] HD M,Spoon M,James L,et al.Metasploit[CP/OL].2014[2014-07-23].http://www.metasploit.com.

[5] Gordon L.Nmap[CP/OL].2014[2014-07-23]. http://nmap.org.

[6] Renaud D,Ron G.Nessus[CP/OL].2014[2014-07-23].http://www.tenable.com/products/nessus.

[7] Nimbalkar R,Patel P,Meshram B.Advanced linux security[J].Editorial Board,2013,2(3):7-12.

[8] Treaster M,Koenig G A,Meng X,et al.Detection of privilege escalation for linux cluster security[C].Proceedings of the 6th LCI International Conference on Linux Clusters.2005.

[9] Provos,Markus F,Peter H,et al.Preventing privilege escalation[C].Proceedings of the 12th USENIX Security Symposium,2003.

[10] O'Gorman J,Kearns D,Aharoni M.Metasploit:The Penetration Tester's Guide[M].San Francisco:No Starch Press,2011.

[11] 国家计算机网络入侵防范中心.国家安全漏洞库[DB/OL].2014[2014-07-23].http://www.nipc.org.cn/.

[12] Offensive Security Team.Exploit database[DB/OL]. 2014[2014-07-23]2014.http://www.exploit-db.com.

[13] 中国信息安全测评中心.中国信息安全国家漏洞库[DB/OL].2014[2014-07-23].http://www.cnnvd.org.cn.

[14] Security-Database Company.Security vulnerability database[DB/OL].2014[2014-07-23].http://www.security-database.com.

[15] Symantec Company.Securityfocus vulnerability database[DB/OL].2014[2014-07-23].http://www.securityfocus.com/bid.

[16] 绿盟公司.绿盟漏洞数据库[DB/OL].2014[2014-07-23].http://www.nsfocus.net/vulndb.

[17] Freebuf Team.Freebuf安全社区[EB/OL].2014[2014-07-23].http://www.freebuf.com.

[18] National Institute of Standards and Technology.American national vulnerability database[DB/OL].2014[2014-07-23].http://web.nvd.nist.gov.

[19] 国家计算机网络应急技术处理协调中心.中国国家信息安全漏洞共享平台[DB/OL].2014[2014-07-23].http://www.cnvd.org.cn.

[20] Cobb C,Cobb S,Kabay M,et al.Penetrating computer systems and networks[M].Computer Security Handbook,2012.