CyberCommands/exploit-sudoedit

PoC Exploit for Sudo 1.9.5p1 (CVE-2021-3156) Heap-Based Buffer Overflow Privilege Escalation.

Python3.x PEP8

CVE-2021-3156 is a new, severe vulnerability found in Unix and Linux operating systems. It allows an unprivileged user to exploit Sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file.

Credit to: Advisory by Baron Samedit of Qualys

How to check if you are affected.

The sudo project released a command that allows you to test whether your version of sudo is vulnerable:

sudoedit -s '\' `perl -e 'print "A" x 65536'`

If you receive a usage or error message, sudo is not vulnerable. If the result is a Segmentation fault, sudo is vulnerable.
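One way to script this check across hosts, as an added example that is not part of this repository: it runs the command above and maps the outcome to the two results the text describes, using the shell convention that exit status 139 means the process died from SIGSEGV. The function names, the result strings and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from this repository): classify the sudoedit check result.
# Function names and result strings are hypothetical, chosen for this example.

# classify_sudoedit_result RC STDERR_TEXT
# A shell exit status above 128 means "killed by signal RC-128",
# so 139 is SIGSEGV (signal 11), the segmentation fault case.
classify_sudoedit_result() {
    rc=$1
    err=$2
    if [ "$rc" -eq 126 ] || [ "$rc" -eq 127 ]; then
        echo "not-runnable"      # sudoedit or perl missing / not executable
    elif [ "$rc" -eq 139 ]; then
        echo "vulnerable"        # segmentation fault
    elif [ "$rc" -gt 128 ]; then
        echo "inconclusive"      # killed by a different signal: investigate
    elif [ "$rc" -ne 0 ] && [ -n "$err" ]; then
        echo "not-vulnerable"    # usage or error message, normal exit
    else
        echo "inconclusive"      # e.g. exit 0, or failure with no message
    fi
}

# run_sudoedit_check: run the check from this page and classify the outcome.
run_sudoedit_check() {
    if ! command -v sudoedit >/dev/null 2>&1 ||
       ! command -v perl >/dev/null 2>&1; then
        classify_sudoedit_result 127 ""
        return 0
    fi
    # Subshell keeps the crash, if any, away from the calling shell;
    # stderr is captured, stdout discarded.
    err=$( (sudoedit -s '\' "$(perl -e 'print "A" x 65536')") 2>&1 >/dev/null )
    classify_sudoedit_result "$?" "$err"
}

# Only touch the local sudoedit when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    printf '%s: %s\n' "$(hostname)" "$(run_sudoedit_check)"
fi
```

Treat an `inconclusive` result as a prompt to check the installed sudo package against your distribution's advisory rather than as a pass.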

Download the exploit code.

git clone https://github.com/CyberCommands/exploit-sudoedit.git sudoedit/
cd sudoedit/
sudo python3 exploit.py --help

Important Note for Exploit.

  • The modified time of /etc/passwd needs to be newer than the system boot time. If it isn't, you can use chsh to update it. Unfortunately, this means you will have to know the password for the account you are running as. Remember that chsh doesn't accept empty passwords by default, so if the password is empty you may have to set one with passwd.
