Name | dmesg_leak |
CVE | CVE-2018-14656 |
Exploit Pack | CANVAS |
Description | dmesg_leak |
Notes | CVE Name: CVE-2018-14656 NOTES: This module gives an unpriviledged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note: This only works for now on Arch Linux with kernels 4.18. Caveats: 1. Attacking vmware, vbox or bare metal is absolutely the same, performance wise. 2. Not all the filesystems are handled. In particular tmpfs or XFS files cannot be leaked. 3. With this version you can only dump files fitting within a single page (<= 4096 bytes) VersionsAffected: CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14656 Repeatability: Infinite |
Learn more about the CANVAS Exploit Pack here: CANVAS |