CVE-2019-8320

CVE-2019-8320

About

https://nvd.nist.gov/vuln/detail/CVE-2019-8320

PoC

https://hackerone.com/reports/317321

Environment used

• Ubuntu 18.04.4 LTS

Reproduction

• Server

  • Docker:

    bash Docker\ version/start.sh
    bash Docker\ version/stop.sh  

  • Script:

    cd Script\ version && bash installation.sh

• Client:

  • Docker:

    ssh <Server IP> -l guest -p 8022
    ruby builder.rb && sudo gem unpack rm_dir.gem

  • Script:

    • Run sudo mkdir -p /tmp/dir
    • Then

      ssh <Server IP> -l guest -p 22
      bash run.sh 

The result would be the deletion of /tmp/dir own by root.