CVE-2021-3156 sudo privilege escalation vulnerability reproduction


Affected versions

Sudo 1.8.2 – 1.8.31p2
Sudo 1.9.0 – 1.9.5p1

The sudo maintainers fixed this on January 26; sudo packages installed after that already include the fix.


Official link: https://www.sudo.ws/

Unaffected versions
sudo >= 1.9.5p2

exp: https://github.com/422926799/note/tree/master/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/CVE-2021-3156
Source, a WeChat official account: https://mp.weixin.qq.com/s/c9UiJ74TbLXziK08tumIHA

Environment

Debian Sudo version 1.8.31p1
Ubuntu Sudo version 1.8.21p2 (the sudo installed yesterday is already patched)

Reproduction steps

Check whether the vulnerability is present

sudoedit -s /


Vulnerable: [screenshot]

Not vulnerable: [screenshot]

Download the exp and run make. Then run sudo-hax-me-a-sandwich.

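The `sudoedit -s /` check from the post, wrapped as an added shell example (not part of the original post): it classifies the command's output using the prefixes given in the Qualys advisory for CVE-2021-3156, where an error beginning with `sudoedit:` indicates a vulnerable build and one beginning with `usage:` a patched one. The function names `classify_sudoedit_output` and `check_host` are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the result of the `sudoedit -s /` check.
# Prefixes per the Qualys advisory for CVE-2021-3156:
#   line starts with "sudoedit:" -> vulnerable
#   line starts with "usage:"    -> patched (argument parser rejects -s)

classify_sudoedit_output() {
    # $1: combined stdout/stderr captured from `sudoedit -s /`
    verdict=unknown
    while IFS= read -r line; do
        case "$line" in
            # Anchored at line start, so "sh: 1: sudoedit: not found"
            # (command missing) is not mistaken for a vulnerable result.
            sudoedit:*) verdict=vulnerable; break ;;
            usage:*)    verdict=patched;    break ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$verdict"
}

check_host() {
    # The advisory runs this check as a non-root user.
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    # LC_ALL=C keeps the "usage:" text from being translated by the locale.
    classify_sudoedit_output "$(LC_ALL=C sudoedit -s / 2>&1)"
}

# Call check_host on the machine being audited; it prints
# vulnerable, patched or unknown.
```

Distributions backport the fix without changing the upstream version number (as with the Ubuntu 1.8.21p2 package in the environment list), so this behavioural check is more reliable than comparing version strings against the affected ranges.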