CVE-2021-3156 PoC — Sudo 缓冲区错误漏洞

Source

https://github.com/ph4ntonn/CVE-2021-3156

Associated Vulnerability

Title:Sudo 缓冲区错误漏洞 (CVE-2021-3156)
Description:Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.5p2 之前版本存在缓冲区错误漏洞，攻击者可使用sudoedit -s和一个以单个反斜杠字符结束的命令行参数升级到root。

Description

CVE-2021-3156

Readme

# CVE-2021-3156

## 概述

Heap-based buffer overflow in Sudo (CVE-2021-3156)

由于```sudo```转义```\```不当而造成的堆溢出漏洞，LPE

## 影响范围

从1.8.2到1.8.31p2的所有版本

从1.9.0到1.9.5p1的所有稳定版本

## 检测命令

```sudoedit -s '\' `perl -e 'print "A" x 65536'```

如果出现类似```Segmentation fault (core dumped)```即表明存在漏洞

## 相关文献

https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt

## 分析

先占个坑，正在调试分析中，等分析完写完blog贴链接

File Snapshot


 [4.0K]  /data/pocs/e5fad9d2e667c972f156a84128c3d00fcc05e03b
└── [ 582]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!