← voltar
CVE-2021-3156

CVE-2021-3156

CVSS 7.8 HIGHEPSS 99.3%● KEVCWE-193
Em resumo

O Sudo possui um erro que permite a um usuário local executar código com privilégios de root através de um comando sudoedit especialmente construído terminado com uma barra invertida. Afeta versões antigas do Sudo e compromete a segurança do sistema.

Detalhe técnico

Um erro off-by-one no Sudo anterior à versão 1.9.5p2 causa transbordamento de buffer baseado em heap ao processar sudoedit com flag -s e argumentos terminados em barra invertida. Permite escalação de privilégio local para root; requer que sudoedit esteja disponível ao usuário.

Resumo gerado e traduzido por IA a partir da descrição oficial.
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a
PoCs públicas encontradas90
githubgithub.com/blasty/CVE-2021-31561014githubgithub.com/worawit/CVE-2021-3156800githubgithub.com/stong/CVE-2021-3156431githubgithub.com/LiveOverflow/pwnedit227githubgithub.com/Rvn0xsy/CVE-2021-3156-plus205githubgithub.com/CptGibbon/CVE-2021-3156158githubgithub.com/reverse-ex/CVE-2021-3156112githubgithub.com/0x4ndy/clif100githubgithub.com/0xdevil/CVE-2021-315651githubgithub.com/mbcrump/CVE-2021-315639githubgithub.com/mr-r3b00t/CVE-2021-315635githubgithub.com/PhuketIsland/CVE-2021-3156-centos730githubgithub.com/kernelzeroday/CVE-2021-3156-Baron-Samedit17githubgithub.com/jm33-m0/CVE-2021-315616githubgithub.com/redhawkeye/sudo-exploit15githubgithub.com/chenaotian/CVE-2021-315611githubgithub.com/Maalfer/Sudo-CVE-2021-31568githubgithub.com/apogiatzis/docker-CVE-2021-31567githubgithub.com/PurpleOzone/PE_CVE-CVE-2021-31567githubgithub.com/1N53C/CVE-2021-3156-PoC7githubgithub.com/teamtopkarl/CVE-2021-31567githubgithub.com/Mhackiori/CVE-2021-31566githubgithub.com/dinhbaouit/CVE-2021-31565githubgithub.com/yaunsky/cve-2021-31565githubgithub.com/lmol/CVE-2021-31564githubgithub.com/baka9moe/CVE-2021-3156-Exp4githubgithub.com/elbee-cyber/CVE-2021-3156-PATCHER3githubgithub.com/kal1gh0st/CVE-2021-31563githubgithub.com/ph4ntonn/CVE-2021-31563githubgithub.com/musergi/CVE-2021-31562githubgithub.com/lypd0/CVE-2021-3156-checker2githubgithub.com/Q4n/CVE-2021-31562githubgithub.com/SantiagoSerrao/ScannerCVE-2021-31561githubgithub.com/nobodyatall648/CVE-2021-31561githubgithub.com/DASICS-ICT/DASICS-CVE-2021-31561githubgithub.com/q77190858/CVE-2021-31561githubgithub.com/RodricBr/CVE-2021-31561githubgithub.com/binw2018/CVE-2021-3156-SCRIPT1githubgithub.com/0x7183/CVE-2021-31561githubgithub.com/unauth401/CVE-2021-31561githubgithub.com/TheFlash2k/CVE-2021-31561githubgithub.com/donghyunlee00/CVE-2021-31561githubgithub.com/BearCat4/CVE-2021-31561githubgithub.com/DDayLuong/CVE-2021-31560githubgithub.com/Robblackcatchai/porfolio-Baron-Samedit0githubgithub.com/nexcess/sudo_cve-2021-31560githubgithub.com/ymrsmns/CVE-2021-31560githubgithub.com/freeFV/CVE-2021-31560githubgithub.com/Ashish-dawani/CVE-2021-3156-Patch0githubgithub.com/DanielAzulayy/CTF-20210githubgithub.com/cdeletre/Serpentiel-CVE-2021-31560githubgithub.com/perlun/sudo-1.8.3p1-patched0githubgithub.com/gmldbd94/cve-2021-31560githubgithub.com/oneoy/CVE-2021-31560githubgithub.com/capturingcats/CVE-2021-31560githubgithub.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build0githubgithub.com/Exodusro/CVE-2021-31560githubgithub.com/sbladiamond/CVE-2021-31560githubgithub.com/d3c3ptic0n/CVE-2021-31560githubgithub.com/halissha/CVE-2021-31560githubgithub.com/sharkmoos/Baron-Samedit0githubgithub.com/arvindshima/CVE-2021-31560githubgithub.com/HuzaifaTariqAfzalKhan/CVE-Exploit-Research-Development-ITSOLERA0githubgithub.com/VilmarTuminskii/cve-2021-3156-sudo-lab0githubgithub.com/DakerQirszh/cve-2021-31560githubgithub.com/TheLeopard65/CVE-2021-3156-Baron-Samedit0githubgithub.com/Rana-Ali93/CVE-2021-3156-Sudo-Buffer-Overflow-Linux0githubgithub.com/calonnuotcabe/CVE-2021-31560githubgithub.com/Kranti08/CVE-2021-3156-Baron-Samedit0githubgithub.com/hycheng15/CVE-2021-31560githubgithub.com/mutur4/CVE-2021-31560githubgithub.com/asepsaepdin/CVE-2021-31560githubgithub.com/ngtuonghung/CVE-2021-31560githubgithub.com/wurwur/CVE-2021-31560githubgithub.com/acidburn2049/CVE-2021-31560githubgithub.com/Bad3r/CVE-2021-3156-without-ip-command0githubgithub.com/Sebastianbedoya25/CVE-2021-31560githubgithub.com/czeti/baron-samedit0githubgithub.com/Sornphut/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit-0githubgithub.com/shishirpandey18/CVE-2021-31560githubgithub.com/Shuhaib88/Baron-Samedit-Heap-Buffer-Overflow-CVE-2021-31560githubgithub.com/Superliverbun/cve-2021-3156-0githubgithub.com/TopskiyPavelQwertyGang/Review.CVE-2021-31560cve_referencepacketstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/49521não verificadocve_referencepacketstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlnão verificadocve_referencepacketstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlnão verificadocve_referencepacketstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/49522não verificadocve_referencepacketstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2021/Feb/42http://seclists.org/fulldisclosure/2021/Jan/79http://seclists.org/fulldisclosure/2024/Feb/3https://kc.mcafee.com/corporate/index?page=content&id=SB10348https://lists.debian.org/debian-lts-announce/2021/01/msg00022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/