Full title: AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit 
Category: local exploits
Platform: linux
This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.

# 0day.today @ http://0day.today/