CVE-2021-3156 icon indicating copy to clipboard operation
CVE-2021-3156 copied to clipboard

Published 20 hours ago verified publisher icon worawit

Exploitation on Debian 7

Open sandycrack opened this issue 3 years ago • 1 comments

Is exploitation possible on Debian 7.11(x86_64) sudo version 1.8.5p2

Kernel: 3.10.0

ldd version: 2.13-38+deb7u12

POCs lead to segfault and the last resort timestamp race is not effective

Any help would be appreciated!

sandycrack avatar Apr 04 '21 18:04 sandycrack

Debian 7 is very old. An exploit with tcache method definitely does not work.

I don't know whether Debian 7 is exploitable. All exploits in this repository definitely do not work.

You have to debug heap usage. I would start from exploit_nss_u14.py because libc on Ubuntu14.04 and Debian7 are eglibc.

worawit avatar Apr 06 '21 10:04 worawit