Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/q77190858/CVE-2021-3156
sudo提权漏洞CVE-2021-3156复现代码
https://github.com/q77190858/CVE-2021-3156
Last synced: 3 months ago
JSON representation
sudo提权漏洞CVE-2021-3156复现代码
- Host: GitHub
- URL: https://github.com/q77190858/CVE-2021-3156
- Owner: q77190858
- Created: 2022-05-26T02:47:53.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-05-26T02:49:56.000Z (over 2 years ago)
- Last Synced: 2024-04-24T14:15:16.957Z (6 months ago)
- Language: C
- Size: 1.95 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - q77190858/CVE-2021-3156 - sudo提权漏洞CVE-2021-3156复现代码 (C)
README
# CVE-2021-3156
#### Root shell PoC for CVE-2021-3156 (no bruteforce)
For educational purposes etc.
Tested on Ubuntu 20.04 against sudo 1.8.31
All research credit: **Qualys Research Team**
Check out the details on their [blog](https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit).
You can check your version of sudo is vulnerable with: `$ sudoedit -s Y`.
If it asks for your password it's most likely vulnerable, if it prints usage information it isn't.
You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with `$ sudo apt install sudo=1.8.31-1ubuntu1`
#### Usage
`$ make`
`$ ./exploit`