Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3156 PoC — Sudo 缓冲区错误漏洞

Source
https://github.com/0xdevil/CVE-2021-3156
Associated Vulnerability
Title:Sudo 缓冲区错误漏洞 (CVE-2021-3156)
Description:Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.5p2 之前版本存在缓冲区错误漏洞,攻击者可使用sudoedit -s和一个以单个反斜杠字符结束的命令行参数升级到root。
Description
CVE-2021-3156: Sudo heap overflow exploit for Debian 10
Readme
# CVE-2021-3156
CVE-2021-3156: Sudo heap overflow exploit for Debian 10 

Vulnerability analysis and exploit development: https://syst3mfailure.io/sudo-heap-overflow

![img](exploit.gif)

Exploit designed for:

- Sudo:

        Version 1.8.27 (1.8.27-1+deb10u1)
        Checksum (sha256): b83f8f4e763ae9860f1e3bde7f6cc913da51ceccc31d84c1cca2f86ac680e1de

        Version 1.8.27 (1.8.27-1+deb10u2)
        Checksum (sha256): ca4a94e0a49f59295df5522d896022444cbbafdec4d94326c1a7f333fd030038
        
- Glibc:

        Version 2.28
        Checksum (sha256): dedb887a5c49294ecd850d86728a0744c0e7ea780be8de2d4fc89f6948386937

- Debian 10:

        Linux debian 4.19.0-10-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux
        Linux debian 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux
        Linux debian 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux
File Snapshot

 [4.0K]  /data/pocs/284ef65ae3c013d19a7f7e3eb9637a14af1fe97c
├── [4.0K]  debug
│   ├── [  59]  attach_1.sh
│   ├── [  55]  attach_2.sh
│   ├── [2.9K]  fuzzer.py
│   ├── [ 177]  gdb_cmds
│   ├── [ 183]  run_1.py
│   ├── [ 144]  run_2.py
│   ├── [4.0K]  src
│   │   ├── [ 11K]  dl-libc.c
│   │   ├── [ 34K]  dl-lookup.c
│   │   ├── [ 24K]  nsswitch.c
│   │   ├── [7.9K]  nsswitch.h
│   │   ├── [ 23K]  parse_args.c
│   │   ├── [ 43K]  sudo.c
│   │   └── [ 35K]  sudoers.c
│   └── [4.0K]  tests
│       ├── [ 898]  test_1.c
│       ├── [ 898]  test_2.c
│       └── [1.0K]  test_3.c
├── [1.2K]  exploit.c
├── [186K]  exploit.gif
├── [ 134]  exploit.sh
├── [4.0K]  libnss_XXXXXXX
│   └── [ 470]  XXXXXX.c
├── [ 34K]  LICENSE
├── [ 160]  Makefile
└── [ 912]  README.md

4 directories, 23 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.