Shulou(Shulou.com)05/31 Report--

This article introduces you how to reproduce the local rights loophole CVE-2021-3156, the content is very detailed, interested friends can refer to, I hope it can be helpful to you.

Brief introduction of 0x00 vulnerability

Sudo is a powerful tool that allows ordinary users to execute root permission commands, and most Unix and Linux-based operating systems include sudo.

On January 26, 2021, sudo was disclosed to have a heap-based buffer overflow vulnerability (CVE-2021-3156, named "Baron Samedit") that could lead to local privilege escalation.

When executing commands on Unix-like operating systems, non-root users can use the sudo command to execute commands as root users. Because sudo mistakenly escaped the backslash in the parameter, the heap buffer overflowed, allowing any local user (whether in the sudoers file or not) to gain root privileges without authentication, and the attacker does not need to know the user's password.

Security researchers publicly disclosed the vulnerability on January 26 and said it had been hidden for nearly a decade.

0x01 affects version

Sudo 1.8.2-1.8.31p2

Sudo 1.9.0-1.9.5p1

Test whether the system is vulnerable to this vulnerability:

1. Log in to the system as a non-root user.

two。 Run the command "sudoedit-s /"

3. If an error response that starts with "sudoedit:" occurs, the system is affected by this vulnerability; if an error response that starts with "usage:" occurs, the vulnerability has been patched.

Recurrence of 0x02 vulnerabilities

1. Deploy virtual machine environment

two。 Log in to the server as an ordinary user through ssh

3. For normal user permissions, enter: sudoedit-s /

4. If sudoedit: /: not a regular file is displayed, the vulnerability exists

5. Download vulnerability poc:

Https://haxx.in/CVE-2021-3156_nss_poc_ubuntu.tar.gz

6. Upload poc to the target server, grant permissions, and then execute

Make &. / sudo-hax-me-a-sandwich 0

There are # indicating successful exploitation of the vulnerability.

Check to see if it is root permission

View system process

0x03 repair recommendation

It is recommended that you upgrade sudo to the latest version in time.

Download link:

Https://www.sudo.ws/dist/

On how to carry out the local rights loophole CVE-2021-3156 reproduced to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.