CVE-2021-3156 PoC — Sudo 缓冲区错误漏洞

Source

https://github.com/ymrsmns/CVE-2021-3156

Associated Vulnerability

Title:Sudo 缓冲区错误漏洞 (CVE-2021-3156)
Description:Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.5p2 之前版本存在缓冲区错误漏洞，攻击者可使用sudoedit -s和一个以单个反斜杠字符结束的命令行参数升级到root。

Description

CVE-2021-3156

Readme

## CVE-2021-3156

## Ansible role patches CVE-2021-3156 for CentOS

### Intro

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character

[CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156)

[News (RU)](https://habr.com/ru/news/t/539526/)

### RUN
```sh
ansible-playbook update_ssh.yml --tags ssh-update
```

File Snapshot


 [4.0K]  /data/pocs/d3388d0344589193b780714c45a4360f3e51428a
├── [4.0K]  inventory
│   └── [  57]  env
├── [ 444]  README.md
├── [4.0K]  roles
│   └── [4.0K]  ssh
│       └── [4.0K]  tasks
│           └── [ 590]  main.yml
└── [  51]  update_ssh.yml

4 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!