CVE-2021-3156 icon indicating copy to clipboard operation
CVE-2021-3156 copied to clipboard

Published 20 hours ago verified publisher icon blasty

Easier approach to exploit sudo 1.9.4 and later versions (ineffective NO_ROOT_MAILER bug)

Open 0xdea opened this issue 4 years ago • 2 comments

A new approach was identified that should considerably simplify exploitation against sudo versions starting from 1.9.4: https://seclists.org/oss-sec/2021/q1/88

It might be worth checking it out and implementing it in your exploit.

0xdea avatar Jan 31 '21 10:01 0xdea

Thanks for the headsup. Do we know which distros besides Debian Bullseye shipped a sudo (at some point) that was vulnerable to the ineffective NO_ROOT_MAILER hardening?

blasty avatar Jan 31 '21 13:01 blasty

Based on a quick search of the coverage table provided by Qualys at the end of their blog post (https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit), I'd say that at least the following additional Linux distributions should be vulnerable:

  • Gentoo (https://security.gentoo.org/glsa/202101-33)
  • Fedora (https://bodhi.fedoraproject.org/updates/FEDORA-2021-8840cbdccd, https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb63d912a)

0xdea avatar Jan 31 '21 14:01 0xdea