POC详情: 651f2f1c0a68150663faad59ac3575c32b3bd7dc

来源
https://github.com/r3k4t/how-to-solve-sudo-heap-based-bufferoverflow-vulnerability
关联漏洞
标题: Sudo 缓冲区错误漏洞 (CVE-2021-3156)
描述:Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.5p2 之前版本存在缓冲区错误漏洞,攻击者可使用sudoedit -s和一个以单个反斜杠字符结束的命令行参数升级到root。
描述
How to solve Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156?
介绍
### How to solve Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156?

sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156 Original release date: February 02, 2021 Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. 

![Screenshot from 2021-02-11 20-15-10](https://user-images.githubusercontent.com/69615463/107727177-e42f2300-6d14-11eb-82f3-03470e22f501.png)

![Screenshot from 2021-02-11 14-02-54](https://user-images.githubusercontent.com/69615463/107727109-bfd34680-6d14-11eb-97b1-fdf0e3164e3d.png)

<h4>Terminal Command:</h4>


<h6>Solution :</h6>

+ wget https://sudo.ws/dist/sudo-1.9.5p2.tar.gz
+ tar xvzf sudo-1.9.5p2.tar.gz
+ sudo apt install  make

![Screenshot from 2021-02-11 20-32-43](https://user-images.githubusercontent.com/69615463/107727250-0fb20d80-6d15-11eb-8f27-a8b13661d4c4.png)


+ sudo ./configure
+ make && sudo make install


+ sudo --version

![Screenshot from 2021-02-11 20-41-08](https://user-images.githubusercontent.com/69615463/107727314-2eb09f80-6d15-11eb-82d5-ef4e48dde246.png)

+ sudoedit -s /

![Screenshot from 2021-02-11 20-40-03](https://user-images.githubusercontent.com/69615463/107727353-4be56e00-6d15-11eb-981f-d2fdafbbb3a4.png)
文件快照

 [4.0K]  /data/pocs/651f2f1c0a68150663faad59ac3575c32b3bd7dc
└── [1.3K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。