Reproducing the CVE-2021-3156 sudo privilege escalation vulnerability


k8


Affected versions

Sudo 1.8.2 – 1.8.31p2
Sudo 1.9.0 – 1.9.5p1

The sudo project fixed this on January 26; sudo installed after that date already includes the patch.

yErSN6.png


Official link: https://www.sudo.ws/

Unaffected versions
sudo >= 1.9.5p2

exp: https://github.com/422926799/note/tree/master/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/CVE-2021-3156
Source, a WeChat public account: https://mp.weixin.qq.com/s/c9UiJ74TbLXziK08tumIHA

Environment

Debian, Sudo version 1.8.31p1
Ubuntu, Sudo version 1.8.21p2 (the sudo installed yesterday is already patched)

Reproduction steps

Check whether the vulnerability is present

sudoedit -s /

Vulnerable

yErYEq.png

Not vulnerable

yErg56.png

Download the exp and run make, then run sudo-hax-me-a-sandwich

yErhxe.png
yErbIP.png
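
A defender-side check built from the version ranges and the `sudoedit -s /` probe in this post, added here as an example and not taken from the post or from the sudo project. It assumes the commonly documented reading of the probe (output starting with `sudoedit:` means vulnerable, `usage:` means patched); the function names and sample outputs are constructed.

```python
import re

# Affected upstream ranges as listed in the post (inclusive bounds).
AFFECTED = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text):
    """'Sudo version 1.8.31p1' -> (1, 8, 31, 1); a missing pN counts as p0."""
    m = _VER.search(text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(version_text):
    v = parse_version(version_text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)


def classify_probe(output):
    """Classify what `sudoedit -s /` printed (assumed rule, see lead-in)."""
    lines = output.strip().splitlines()
    first = lines[0] if lines else ""
    if first.startswith("usage:"):
        return "patched"
    if first.startswith("sudoedit:"):
        return "vulnerable"
    return "unknown"  # e.g. password prompt, command missing, empty capture


def assess(version_text, probe_output):
    """Observed behaviour wins over the version string (distro backports)."""
    verdict = classify_probe(probe_output)
    if verdict != "unknown":
        return verdict
    return "needs-review" if in_affected_range(version_text) else "not-affected"


if __name__ == "__main__":
    # Constructed samples modelled on the two hosts in the post.
    hosts = [
        ("debian", "Sudo version 1.8.31p1", "sudoedit: /: not a regular file"),
        ("ubuntu", "Sudo version 1.8.21p2", "usage: sudoedit [-AknS] file ..."),
        ("no-probe", "Sudo version 1.8.21p2", ""),
    ]
    for name, version, probe in hosts:
        print(name, assess(version, probe))
```

The Ubuntu case is why the version string alone is not conclusive: 1.8.21p2 sits inside the affected upstream range, yet the distribution package already carries the fix, so an inconclusive probe yields `needs-review` rather than a verdict.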