一、 漏洞 CVE-2021-3156 基础信息
漏洞信息
# N/A
## 漏洞概述
Sudo在1.9.5p2之前版本中存在一个off-by-one错误,该错误可能导致堆基缓冲区溢出。攻击者可以通过使用`sudoedit -s`命令加上以单个反斜杠字符结尾的命令行参数,从而提升权限到root。
## 影响版本
- Sudo 1.9.5p2之前的所有版本
## 漏洞细节
- 漏洞是由off-by-one错误导致的堆基缓冲区溢出
- 攻击者可以利用`sudoedit -s`命令和命令行参数(该参数以单个反斜杠字符结尾)来触发漏洞
## 影响
- 可以提升权限至root级别
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Sudo 缓冲区错误漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.5p2 之前版本存在缓冲区错误漏洞,攻击者可使用sudoedit -s和一个以单个反斜杠字符结束的命令行参数升级到root。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
缓冲区错误
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2021-3156 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | None | https://github.com/mr-r3b00t/CVE-2021-3156 | POC详情 |
| 2 | None | https://github.com/nexcess/sudo_cve-2021-3156 | POC详情 |
| 3 | CVE-2021-3156 | https://github.com/reverse-ex/CVE-2021-3156 | POC详情 |
| 4 | None | https://github.com/unauth401/CVE-2021-3156 | POC详情 |
| 5 | CVE-2021-3156 | https://github.com/ymrsmns/CVE-2021-3156 | POC详情 |
| 6 | This simple bash script will patch the recently discovered sudo heap overflow vulnerability. | https://github.com/elbee-cyber/CVE-2021-3156-PATCHER | POC详情 |
| 7 | 1day research effort | https://github.com/kernelzeroday/CVE-2021-3156-Baron-Samedit | POC详情 |
| 8 | cve-2021-3156;sudo堆溢出漏洞;漏洞检测 | https://github.com/yaunsky/cve-2021-3156 | POC详情 |
| 9 | None | https://github.com/baka9moe/CVE-2021-3156-Exp | POC详情 |
| 10 | CVE-2021-3156 | https://github.com/ph4ntonn/CVE-2021-3156 | POC详情 |
| 11 | None | https://github.com/binw2018/CVE-2021-3156-SCRIPT | POC详情 |
| 12 | None | https://github.com/freeFV/CVE-2021-3156 | POC详情 |
| 13 | Notes regarding CVE-2021-3156: Heap-Based Buffer Overflow in Sudo | https://github.com/mbcrump/CVE-2021-3156 | POC详情 |
| 14 | PoC for CVE-2021-3156 (sudo heap overflow) | https://github.com/stong/CVE-2021-3156 | POC详情 |
| 15 | checking CVE-2021-3156 vulnerability & patch script | https://github.com/nobodyatall648/CVE-2021-3156 | POC详情 |
| 16 | None | https://github.com/blasty/CVE-2021-3156 | POC详情 |
| 17 | None | https://github.com/teamtopkarl/CVE-2021-3156 | POC详情 |
| 18 | 复现别人家的CVEs系列 | https://github.com/Q4n/CVE-2021-3156 | POC详情 |
| 19 | Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | https://github.com/kal1gh0st/CVE-2021-3156 | POC详情 |
| 20 | A docker environment to research CVE-2021-3156 | https://github.com/apogiatzis/docker-CVE-2021-3156 | POC详情 |
| 21 | a simple script to patch CVE-2021-3156 (heap based buffer overflow via sudo). | https://github.com/voidlsd/CVE-2021-3156 | POC详情 |
| 22 | Patch Script for CVE-2021-3156 Heap Overflow | https://github.com/Ashish-dawani/CVE-2021-3156-Patch | POC详情 |
| 23 | None | https://github.com/SantiagoSerrao/ScannerCVE-2021-3156 | POC详情 |
| 24 | CTF for HDE 64 students at See Security College. Exploit a JWT (web part) & CVE-2021-3156 (LPE part). | https://github.com/DanielAzulayy/CTF-2021 | POC详情 |
| 25 | None | https://github.com/cdeletre/Serpentiel-CVE-2021-3156 | POC详情 |
| 26 | CVE-2021-3156 Vagrant Lab | https://github.com/dinhbaouit/CVE-2021-3156 | POC详情 |
| 27 | Root shell PoC for CVE-2021-3156 | https://github.com/CptGibbon/CVE-2021-3156 | POC详情 |
| 28 | Custom version of sudo 1.8.3p1 with CVE-2021-3156 patches applied | https://github.com/perlun/sudo-1.8.3p1-patched | POC详情 |
| 29 | None | https://github.com/1N53C/CVE-2021-3156-PoC | POC详情 |
| 30 | CVE-2021-3156: Sudo heap overflow exploit for Debian 10 | https://github.com/0xdevil/CVE-2021-3156 | POC详情 |
| 31 | 보안취약점 확인 | https://github.com/gmldbd94/cve-2021-3156 | POC详情 |
| 32 | sudo heap overflow to LPE, in Go | https://github.com/jm33-m0/CVE-2021-3156 | POC详情 |
| 33 | CVE-2021-3156非交互式执行命令 | https://github.com/Rvn0xsy/CVE-2021-3156-plus | POC详情 |
| 34 | How to solve Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156? | https://github.com/r3k4t/how-to-solve-sudo-heap-based-bufferoverflow-vulnerability | POC详情 |
| 35 | None | https://github.com/oneoy/CVE-2021-3156 | POC详情 |
| 36 | Sudo Baron Samedit Exploit | https://github.com/worawit/CVE-2021-3156 | POC详情 |
| 37 | Exploit generator for sudo CVE-2021-3156 | https://github.com/lmol/CVE-2021-3156 | POC详情 |
| 38 | CVE-2021-3156漏洞修复Shell | https://github.com/BearCat4/CVE-2021-3156 | POC详情 |
| 39 | None | https://github.com/password520/CVE-2021-3156 | POC详情 |
| 40 | None | https://github.com/capturingcats/CVE-2021-3156 | POC详情 |
| 41 | CVE-2021-3156 - Sudo Baron Samedit | https://github.com/LiveOverflow/pwnedit | POC详情 |
| 42 | None | https://github.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build | POC详情 |
| 43 | None | https://github.com/donghyunlee00/CVE-2021-3156 | POC详情 |
| 44 | None | https://github.com/TheFlash2k/CVE-2021-3156 | POC详情 |
| 45 | None | https://github.com/Exodusro/CVE-2021-3156 | POC详情 |
| 46 | None | https://github.com/CyberCommands/CVE-2021-3156 | POC详情 |
| 47 | Sudo Heap Overflow Baron Samedit | https://github.com/0x7183/CVE-2021-3156 | POC详情 |
| 48 | None | https://github.com/Y3A/CVE-2021-3156 | POC详情 |
| 49 | CVE-2021-3156 - sudo exploit for ubuntu 18.04 & 20.04 | https://github.com/redhawkeye/sudo-exploit | POC详情 |
| 50 | Sudo heap-based buffer overflow privilege escalation commands and mitigations. | https://github.com/d3c3ptic0n/CVE-2021-3156 | POC详情 |
| 51 | None | https://github.com/musergi/CVE-2021-3156 | POC详情 |
| 52 | CVE-2021-3156 exploit | https://github.com/halissha/CVE-2021-3156 | POC详情 |
| 53 | Exploit and Demo system for CVE-2021-3156 | https://github.com/sharkmoos/Baron-Samedit | POC详情 |
| 54 | CVE-2021-3156 POC and Docker and Analysis write up | https://github.com/chenaotian/CVE-2021-3156 | POC详情 |
| 55 | CVE-2021-3156 deep dive. | https://github.com/ret2basic/SudoScience | POC详情 |
| 56 | None | https://github.com/puckiestyle/CVE-2021-3156 | POC详情 |
| 57 | Exploit for CVE-2021-3156 | https://github.com/barebackbandit/CVE-2021-3156 | POC详情 |
| 58 | CVE-2021-3156 | https://github.com/RodricBr/CVE-2021-3156 | POC详情 |
| 59 | CMPT733 Cybersecurity Lab II Project: GDB plugin for heap exploits inspired by CVE-2021-3156 | https://github.com/ypl6/heaplens | POC详情 |
| 60 | sudo提权漏洞CVE-2021-3156复现代码 | https://github.com/q77190858/CVE-2021-3156 | POC详情 |
| 61 | CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | https://github.com/arvindshima/CVE-2021-3156 | POC详情 |
| 62 | Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability | https://github.com/Mhackiori/CVE-2021-3156 | POC详情 |
| 63 | The test report of this exploit. | https://github.com/baka9moe/CVE-2021-3156-TestReport | POC详情 |
| 64 | 利用sudo提权,只针对cnetos7 | https://github.com/PhuketIsland/CVE-2021-3156-centos7 | POC详情 |
| 65 | clif is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. It was inspired by sudo vulnerability CVE-2021-3156 and the fact that for some reasons, Google's afl-fuzz doesn't allow for unlimited argument or option specification. | https://github.com/0x4ndy/clif | POC详情 |
| 66 | None | https://github.com/meowhua15/CVE-2021-3156 | POC详情 |
| 67 | None | https://github.com/mutur4/CVE-2021-3156 | POC详情 |
| 68 | Exploit for Ubuntu 20.04 using CVE-2021-3156 enhanced with post-exploitation scripts | https://github.com/PurpleOzone/PE_CVE-CVE-2021-3156 | POC详情 |
| 69 | None | https://github.com/asepsaepdin/CVE-2021-3156 | POC详情 |
| 70 | None | https://github.com/DDayLuong/CVE-2021-3156 | POC详情 |
| 71 | Forked from @worawit, shorter&optimized. Only works for sudo=1.8.23 on Centos7 | https://github.com/wurwur/CVE-2021-3156 | POC详情 |
| 72 | None | https://github.com/SamTruss/LMU-CVE-2021-3156 | POC详情 |
| 73 | kernal exploit 3156 | https://github.com/34rthq04k3/CVE-2021-3156 | POC详情 |
| 74 | kernal exploit 3156 | https://github.com/ragingkarson/CVE-2021-3156 | POC详情 |
| 75 | Checker for CVE-2021-3156 with static version check | https://github.com/lypd0/CVE-2021-3156-checker | POC详情 |
| 76 | None | https://github.com/ZTK-009/CVE-2021-3156 | POC详情 |
| 77 | Y3A / CVE-2021-3156 | https://github.com/EthicalSecurity-Agency/Y3A-CVE-2021-3156 | POC详情 |
| 78 | None | https://github.com/DASICS-ICT/DASICS-CVE-2021-3156 | POC详情 |
| 79 | None | https://github.com/Typical0day/CVE-2021-3156 | POC详情 |
| 80 | None | https://github.com/hycheng15/CVE-2021-3156 | POC详情 |
| 81 | None | https://github.com/acidburn2049/CVE-2021-3156 | POC详情 |
| 82 | fork of worawit/CVE-2021-3156 exploit_nss.py modified to work with ifconfig instead of the ip command | https://github.com/Bad3r/CVE-2021-3156-without-ip-command | POC详情 |
| 83 | None | https://github.com/Sebastianbedoya25/CVE-2021-3156 | POC详情 |
| 84 | This repository contains a Proof-of-Concept (PoC) exploit for the Baron Samedit vulnerability (CVE-2021-3156). The exploit demonstrates privilege escalation on Ubuntu 20.04 with sudo version 1.8.31 and glibc version 2.31. It includes an assembly-based exploit, a shared object payload, and a Makefile for automated compilation. | https://github.com/ten-ops/baron-samedit | POC详情 |
| 85 | None | https://github.com/Sornphut/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit- | POC详情 |
| 86 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2021/CVE-2021-3156.yaml | POC详情 |
| 87 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Linux%20sudo%20%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E%20CVE-2021-3156.md | POC详情 |
| 88 | None | https://github.com/shishirpandey18/CVE-2021-3156 | POC详情 |
| 89 | None | https://github.com/duongdz96/CVE-2021-3156-main | POC详情 |
| 90 | None | https://github.com/Shuhaib88/Baron-Samedit-Heap-Buffer-Overflow-CVE-2021-3156 | POC详情 |
| 91 | None | https://github.com/Superliverbun/cve-2021-3156- | POC详情 |
| 92 | CVE-2021-3156-Exploit-Demo | https://github.com/TopskiyPavelQwertyGang/Review.CVE-2021-3156 | POC详情 |
| 93 | Exploit para explotar la vulnerabilidad CVE-2021-3156. | https://github.com/Maalfer/Sudo-CVE-2021-3156 | POC详情 |
三、漏洞 CVE-2021-3156 的情报信息
- https://security.netapp.com/advisory/ntap-20210128-0002/ x_refsource_CONFIRM
-
标题: sudoedit pwned (CVE-2021-3156) - vsociety -- 🔗来源链接
标签:
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
- https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
- https://www.synology.com/security/advisory/Synology_SA_21_02 x_refsource_CONFIRM
- https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability x_refsource_MISC
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348 x_refsource_CONFIRM
- https://support.apple.com/kb/HT212177 x_refsource_CONFIRM
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html x_refsource_MISC
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html x_refsource_MISC
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20210128-0001/ x_refsource_CONFIRM
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html x_refsource_MISC
- https://www.openwall.com/lists/oss-security/2021/01/26/3 x_refsource_MISC
- https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
- https://www.sudo.ws/stable.html#1.9.5p2 x_refsource_CONFIRM
- https://www.debian.org/security/2021/dsa-4839 vendor-advisory x_refsource_DEBIAN
- https://www.kb.cert.org/vuls/id/794544 third-party-advisory x_refsource_CERT-VN
- https://security.gentoo.org/glsa/202101-33 vendor-advisory x_refsource_GENTOO
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/ vendor-advisory x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/ vendor-advisory x_refsource_FEDORA
- http://www.openwall.com/lists/oss-security/2021/09/14/2 mailing-list x_refsource_MLIST
- http://seclists.org/fulldisclosure/2024/Feb/3 mailing-list
- http://seclists.org/fulldisclosure/2021/Jan/79 mailing-list x_refsource_FULLDISC
- https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/02/15/1 mailing-list x_refsource_MLIST
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM vendor-advisory x_refsource_CISCO
- http://www.openwall.com/lists/oss-security/2024/01/30/6 mailing-list
- http://www.openwall.com/lists/oss-security/2021/01/26/3 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/01/27/2 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/01/27/1 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2024/01/30/8 mailing-list
- http://seclists.org/fulldisclosure/2021/Feb/42 mailing-list x_refsource_FULLDISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-3156
四、漏洞 CVE-2021-3156 的评论
暂无评论