Exploit for #VU50040 Heap-based buffer overflow in Sudo

Cybersecurity Help s.r.o.

Published: 2021-02-09 | Updated: 2023-05-14

Vulnerability identifier: #VU50040

Vulnerability risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2021-3156

CWE-ID: CWE-122

Exploitation vector: Local

Exploits in database: 40

May 14, 2023
- PE_CVE-CVE-2021-3156 (Exploit for Ubuntu 20.04 using CVE-2021-3156 enhanced with post-exploitation scripts) [Github]
November 3, 2022
- CVE-2021-3156-centos7 (利用sudo提权，只针对cnetos7) [Github]
July 14, 2022
- CVE-2021-3156 () [Github]
March 27, 2022
- CVE-2021-3156 (Script en python sobre la vulnerabilidad CVE-2021-3156) [Github]
March 17, 2022
- CVE-2021-3156-PoC () [Github]
January 30, 2022
- CVE-2021-3156 (Exploit for CVE-2021-3156) [Github]
December 15, 2021
- CVE-2021-3156 (复现别人家的CVEs系列) [Github]
- CVE-2021-3156 (CVE-2021-3156 Vagrant Lab) [Github]
October 24, 2021
- CVE-2021-3156 () [Github]
October 22, 2021
- CVE-2021-3156 (CVE-2021-3156 exploit) [Github]
- CVE-2021-3156 () [Github]
October 14, 2021
- CVE-2021-3156 () [Github]
September 27, 2021
- sudo-exploit (CVE-2021-3156 - sudo exploit for ubuntu 18.04 & 20.04) [Github]
September 19, 2021
- CVE-2021-3156 (sudo heap overflow to LPE, in Go) [Github]
September 6, 2021
- CVE-2021-3156 () [Github]
August 8, 2021
- CVE-2021-3156 () [Github]
July 25, 2021
- CVE-2021-3156 () [Github]
- CVE-2021-3156 (Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. ) [Github]
July 1, 2021
- docker-CVE-2021-3156 (A docker environment to research CVE-2021-3156) [Github]
June 30, 2021
- CVE-2021-3156 () [Github]
June 24, 2021
- CVE-2021-3156-Baron-Samedit (1day research effort) [Github]
June 21, 2021
- sudo-cve-2021 (sudo安全漏洞检测脚本，用来检查您的系统当前是否存在相关的安全漏洞。) [Github]
June 17, 2021
- Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1) [Exploit-DB]
- Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2) [Exploit-DB]
June 13, 2021
- CVE-2021-3156 () [Github]
May 30, 2021
- CVE-2021-3156 (CVE-2021-3156) [Github]
May 24, 2021
- CVE-2021-3156 (PoC for CVE-2021-3156 (sudo heap overflow)) [Github]
May 20, 2021
- pwnedit (CVE-2021-3156 - Sudo Baron Samedit) [Github]
- CVE-2021-3156-plus (CVE-2021-3156非交互式执行命令) [Github]
May 18, 2021
- CVE-2021-3156 () [Github]
- CVE-2021-3156 () [Github]
- CVE-2021-3156 (Root shell PoC for CVE-2021-3156) [Github]
- CVE-2021-3156 (Notes regarding CVE-2021-3156: Heap-Based Buffer Overflow in Sudo) [Github]
May 9, 2021
- Sudo Heap-Based Buffer Overflow [Metasploit]
March 22, 2021
- CVE-2021-3156 (Exploit generator for sudo CVE-2021-3156) [Github]
March 18, 2021
- CVE-2021-3156 (Sudo Baron Samedit Exploit) [Github]
- Sudo-Spunk (An Exploit Utlising CVE-2021-3156 To Harvest All passwords in any Linux system with Sudo < version 1.9.5p2.) [Github]
February 23, 2021
- kernel-exploit-factory (Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. ) [Github]
February 9, 2021
- CVE-2021-3156 (CVE-2021-3156: Sudo heap overflow exploit for Debian 10) [Github]
- CVE-2021-3156 (CVE-2021-3156: Sudo exploit for Debain 10) [Github]

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo