Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-3156

Description

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

POC

Reference

- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html

- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html

- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html

- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html

- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

- http://seclists.org/fulldisclosure/2024/Feb/3

- http://www.openwall.com/lists/oss-security/2024/01/30/6

- http://www.openwall.com/lists/oss-security/2024/01/30/8

- https://kc.mcafee.com/corporate/index?page=content&id=SB10348

- https://www.oracle.com//security-alerts/cpujul2021.html

- https://www.oracle.com/security-alerts/cpuapr2022.html

- https://www.oracle.com/security-alerts/cpuoct2021.html

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0kraven/MalDevJournal

- https://github.com/0x06K/MalDevJournal

- https://github.com/0x4ndy/clif

- https://github.com/0x7183/CVE-2021-3156

- https://github.com/0x7n6/OSCP

- https://github.com/0xMarcio/cve

- https://github.com/0xStrygwyr/OSCP-Guide

- https://github.com/0xZipp0/OSCP

- https://github.com/0xdevil/CVE-2021-3156

- https://github.com/0xsakthi/my-pentest-notes

- https://github.com/0xsyr0/OSCP

- https://github.com/10cks/intranet-pentest

- https://github.com/1N53C/CVE-2021-3156-PoC

- https://github.com/20142995/sectool

- https://github.com/2lambda123/CVE-mitre

- https://github.com/2lambda123/Falco-bypasses

- https://github.com/2lambda123/Windows10Exploits

- https://github.com/30579096/vCenterVulns

- https://github.com/4xura/Fuzzing-Sudo

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARGOeu-Metrics/secmon-probes

- https://github.com/ARGOeu/secmon-probes

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AbdoFarid1/R00tKeep3r

- https://github.com/AbdullahRizwan101/Baron-Samedit

- https://github.com/Al1ex/LinuxEelvation

- https://github.com/Andromeda254/cve

- https://github.com/ArrestX/--POC

- https://github.com/Ashish-dawani/CVE-2021-3156-Patch

- https://github.com/AurelienADVANCED/ProjetIceCream

- https://github.com/BLACKHAT-SSG/MindMaps2

- https://github.com/Bad3r/CVE-2021-3156-without-ip-command

- https://github.com/BearCat4/CVE-2021-3156

- https://github.com/Bubleh21/CVE-2021-3156

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/ClassBluer/Exploit_Tools

- https://github.com/Coldplay1517/Middleware-Vulnerability-detection-master

- https://github.com/CptGibbon/CVE-2021-3156

- https://github.com/CrackerCat/cve-2021-3157

- https://github.com/CracksoftShlok/LinuxPrivEscResearch

- https://github.com/CyberCommands/CVE-2021-3156

- https://github.com/CyberCommands/exploit-sudoedit

- https://github.com/DASICS-ICT/DASICS-CVE-2021-3156

- https://github.com/DDayLuong/CVE-2021-3156

- https://github.com/Daniel-Ayz/OSCP

- https://github.com/DanielAzulayy/CTF-2021

- https://github.com/DanielShmu/OSCP-Cheat-Sheet

- https://github.com/DarkFunct/CVE_Exploits

- https://github.com/Disturbante/Linux-Pentest

- https://github.com/Drakfunc/CVE_Exploits

- https://github.com/DrewSC13/Linpeas

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/EdgeSecurityTeam/Vulnerability

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/EthicalSecurity-Agency/Y3A-CVE-2021-3156

- https://github.com/EvansWJ-dev/KaliMisc

- https://github.com/EvilAnne/2021-Read-article

- https://github.com/Exodusro/CVE-2021-3156

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/Floodnut/paper_docs_study

- https://github.com/Floodnut/papers_documents_Analysis

- https://github.com/GhostTroops/TOP

- https://github.com/Gutem/scans-exploits

- https://github.com/H4niz/oscp-note

- https://github.com/HadessCS/Awesome-Privilege-Escalation

- https://github.com/HuzaifaTariqAfzalKhan/CVE-Exploit-Research-Development-ITSOLERA

- https://github.com/HynekPetrak/HynekPetrak

- https://github.com/JERRY123S/all-poc

- https://github.com/JMontRod/Pruebecita

- https://github.com/JeanR12/Persistence-Script-Script-Exploit-

- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

- https://github.com/Jung2023/XSS-CTF

- https://github.com/Jung2023/portfolio_CTF

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/Kiosec/Linux-Exploitation

- https://github.com/Kiprey/Skr_Learning

- https://github.com/Lazykakarot1/Learn-365

- https://github.com/LiveOverflow/pwnedit

- https://github.com/Ly0nt4r/OSCP

- https://github.com/Maalfer/Sudo-CVE-2021-3156

- https://github.com/Maikefee/linux-exploit-hunter

- https://github.com/Meowmycks/OSCPprep-Cute

- https://github.com/Meowmycks/OSCPprep-Sar

- https://github.com/Meowmycks/OSCPprep-hackme1

- https://github.com/Mhackiori/CVE-2021-3156

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Morton-L/BoltWrt

- https://github.com/Morton-Li/BoltWrt

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NeQuissimus/nixos-vuln

- https://github.com/Neiver97/FinalProject-SO-20241

- https://github.com/Nerix-code/hello

- https://github.com/Network-Sec/bin-tools-pub

- https://github.com/Nokialinux/CVE-2021-3156

- https://github.com/NormalPerson001/sudo-1.8.31

- https://github.com/Offensive-Penetration-Security/OPSEC-Hall-of-fame

- https://github.com/OrangeGzY/security-research-learning

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PhuketIsland/CVE-2021-3156-centos7

- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root-

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/PurpleOzone/PE_CVE-CVE-2021-3156

- https://github.com/PwnAwan/MindMaps2

- https://github.com/Q4n/CVE-2021-3156

- https://github.com/Rai2en/OSCP-Notes

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/RodricBr/CVE-2021-3156

- https://github.com/Ruviixx/proyecto-ps

- https://github.com/Rvn0xsy/CVE-2021-3156-plus

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/SPXcz/IC1_projekt

- https://github.com/SYRTI/POC_to_review

- https://github.com/Sabhareesh2002/Cat-picture---Tryhackme

- https://github.com/SamTruss/LMU-CVE-2021-3156

- https://github.com/SantiagoSerrao/ScannerCVE-2021-3156

- https://github.com/SantoriuHen/NotesHck

- https://github.com/Sebastianbedoya25/CVE-2021-3156

- https://github.com/Self-Study-Committee/Skr_Learning

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shuhaib88/Baron-Samedit-Heap-Buffer-Overflow-CVE-2021-3156

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Sornphut/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit-

- https://github.com/Spektrainfiniti/MP

- https://github.com/Superliverbun/cve-2021-3156-

- https://github.com/TBHIDK24/MalDevJournal

- https://github.com/TBHIDK57/MalDevJournal

- https://github.com/Technetium1/stars

- https://github.com/TheFlash2k/CVE-2021-3156

- https://github.com/TheSerialiZator/CTF-2021

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Timirepo/CVE_Exploits

- https://github.com/TopskiyPavelQwertyGang/Review.CVE-2021-3156

- https://github.com/Toufupi/CVE_Collection

- https://github.com/Trivialcorgi/Proyecto-Prueba-PPS

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Typical0day/CVE-2021-3156

- https://github.com/VishuGahlyan/OSCP

- https://github.com/VishuGahlyan/OSCP-Notes

- https://github.com/Whiteh4tWolf/Sudo-1.8.31-Root-Exploit

- https://github.com/Whiteh4tWolf/xcoderootsploit

- https://github.com/WhooAmii/POC_to_review

- https://github.com/WilliamQ28/Worst-autoLinPrivesc

- https://github.com/X-The-Mystic/xframe

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/XinLiu2025/openkylinsat

- https://github.com/Y3A/CVE-2021-3156

- https://github.com/ZTK-009/CVE-2021-3156

- https://github.com/ZacharyKirkeby/CVE_a_Week

- https://github.com/ZammelSofien/Exploiting-GetSimple-3.3.15

- https://github.com/ZartoshtSakari/ZartoshtSakari

- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

- https://github.com/aasphixie/aasphixie.github.io

- https://github.com/abedra/securing_security_software

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/amanszpapaya/MacPer

- https://github.com/anquanscan/sec-tools

- https://github.com/anukiii/Malware_Project_team3

- https://github.com/apachecn-archive/Middleware-Vulnerability-detection

- https://github.com/apogiatzis/docker-CVE-2021-3156

- https://github.com/aquahubtest4/r4j

- https://github.com/aquahubtest5/r4j

- https://github.com/arvindshima/CVE-2021-3156

- https://github.com/asepsaepdin/CVE-2021-3156

- https://github.com/axelmierczuk/privesc

- https://github.com/b3nn3tt/Kali-Linux-Setup-Tool

- https://github.com/baka9moe/CVE-2021-3156-Exp

- https://github.com/baka9moe/CVE-2021-3156-TestReport

- https://github.com/barebackbandit/CVE-2021-3156

- https://github.com/bbugdigger/Vuln-Analysis

- https://github.com/bc29ea3c101054baa1429ffc2edba4ae/sigma_detection_rules

- https://github.com/beruangsalju/LocalPrivilegeEscalation

- https://github.com/bijaysenihang/sigma_detection_rules

- https://github.com/binw2018/CVE-2021-3156-SCRIPT

- https://github.com/blackberry/Falco-bypasses

- https://github.com/blasty/CVE-2021-3156

- https://github.com/bollwarm/SecToolSet

- https://github.com/bsauce/kernel-exploit-factory

- https://github.com/bsauce/kernel-security-learning

- https://github.com/capturingcats/CVE-2021-3156

- https://github.com/cbass12321/OSCP-Cheat-Sheets

- https://github.com/chenaotian/CVE-2021-3156

- https://github.com/chmod750/awesome-repositories

- https://github.com/christian-byrne/custom-nodes-security-scan

- https://github.com/christian-byrne/node-sec-scan

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/cybercrazetech/Employee-walkthrough

- https://github.com/d3c3ptic0n/CVE-2021-3156

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/d4redevilx/OSCP-CheetSheet

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/dharanirajan676/openVAS_Elevatelabs_task3

- https://github.com/diannaofengzi/datura-ctf

- https://github.com/dinhbaouit/CVE-2021-3156

- https://github.com/direwolf314/prescup_cheatsheet

- https://github.com/donghyunlee00/CVE-2021-3156

- https://github.com/dschwads/threattemp

- https://github.com/duedahl/sudoedit_exploit

- https://github.com/duongdz96/CVE-2021-3156-main

- https://github.com/dyne/sud

- https://github.com/e-hakson/OSCP

- https://github.com/eeenvik1/kvvuctf_24

- https://github.com/elbee-cyber/CVE-2021-3156-PATCHER

- https://github.com/eljosep/OSCP-Guide

- https://github.com/exfilt/CheatSheet

- https://github.com/fazilbaig1/oscp

- https://github.com/fei9747/LinuxEelvation

- https://github.com/felixfu59/shocker-attack

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/flex0geek/cves-exploits

- https://github.com/foyjog/shocker-attack

- https://github.com/freeFV/CVE-2021-3156

- https://github.com/freitzzz/tpas-binary-exploitation

- https://github.com/gamblingmaster2020/vCenterExp

- https://github.com/gglessner/Rocky

- https://github.com/gmldbd94/cve-2021-3156

- https://github.com/go-bi/go-bi-soft

- https://github.com/goEnum/goEnum

- https://github.com/goEnumAdmin/goEnum

- https://github.com/greg-workspace/my_sudo_heap_overflow_exploit

- https://github.com/grng3r/rs_exploits

- https://github.com/h0pe-ay/Vulnerability-Reproduction

- https://github.com/hac425xxx/heap-exploitation-in-real-world

- https://github.com/halissha/CVE-2021-3156

- https://github.com/harsh-bothra/learn365

- https://github.com/hilbix/suid

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/huike007/penetration_poc

- https://github.com/huisetiankong478/penetration_poc

- https://github.com/hungnqdz/cve

- https://github.com/hycheng15/CVE-2021-3156

- https://github.com/iandrade87br/OSCP

- https://github.com/jagat-singh-chaudhary/bugbounty-365-days

- https://github.com/jbmihoub/all-poc

- https://github.com/jenriquezv/PEN-200-OSCP

- https://github.com/jitmondal1/OSCP

- https://github.com/jm33-m0/CVE-2021-3156

- https://github.com/joaomagfreitas/tpas-binary-exploitation

- https://github.com/joshmcorreia/SDSU_Cyber_Security_Red_Team

- https://github.com/joydo/CVE-Writeups

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/kal1gh0st/CVE-2021-3156

- https://github.com/kaosagnt/ansible-everyday

- https://github.com/kasperyhr/CSCI620_FinalProject

- https://github.com/ker2x/DearDiary

- https://github.com/kernelzeroday/CVE-2021-3156-Baron-Samedit

- https://github.com/kevinnivekkevin/3204_coursework_1

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/kldksd/server

- https://github.com/kotikjaroslav/sigma_detection_rules

- https://github.com/kurniawandata/xcoderootsploit

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/liqimore/ECE9609-Introduction-to-Hacking

- https://github.com/lmol/CVE-2021-3156

- https://github.com/lockedbyte/CVE-Exploits

- https://github.com/lockedbyte/lockedbyte

- https://github.com/lockedbyte/slides

- https://github.com/lognoz/puppet-freebsd-workstation

- https://github.com/loong576/ansible-production-practice-6

- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection

- https://github.com/ltfafei/my_POC

- https://github.com/lucagioacchini/auto-pen-bench

- https://github.com/lukwagoasuman/Technical_Write_Up

- https://github.com/lypd0/CVE-2021-3156-checker

- https://github.com/ma7moudShaaban/R00tKeep3r

- https://github.com/makoto56/penetration-suite-toolkit

- https://github.com/malwaremily/infosec-news-briefs

- https://github.com/manas3c/CVE-POC

- https://github.com/manoj3768/OSCP

- https://github.com/mbcrump/CVE-2021-3156

- https://github.com/meowhua15/CVE-2021-3156

- https://github.com/migueltc13/KoTH-Tools

- https://github.com/mitinarseny/hse_facl

- https://github.com/mr-r3b00t/CVE-2021-3156

- https://github.com/mrkronkz/exp

- https://github.com/mstxq17/SecurityArticleLogger

- https://github.com/murchie85/twitterCyberMonitor

- https://github.com/musergi/CVE-2021-3156

- https://github.com/mutur4/CVE-2021-3156

- https://github.com/n0-traces/cve_monitor

- https://github.com/neolin-ms/LinuxDocLinks

- https://github.com/nexcess/sudo_cve-2021-3156

- https://github.com/nitishbadole/oscp-note-3

- https://github.com/njahrckstr/exploits-

- https://github.com/nobodyatall648/CVE-2021-3156

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nu11secur1ty/CVE-mitre

- https://github.com/nu11secur1ty/CVE-nu11secur1ty

- https://github.com/nu11secur1ty/Windows10Exploits

- https://github.com/oneoy/CVE-2021-3156

- https://github.com/oneoy/exploits1

- https://github.com/oriolOrnaque/TFG-Binary-exploitation

- https://github.com/oscpname/OSCP_cheat

- https://github.com/parth45/cheatsheet

- https://github.com/password520/CVE-2021-3156

- https://github.com/pathakabhi24/Awesome-C

- https://github.com/paultheal1en/auto_pen_bench_web

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/perlun/sudo-1.8.3p1-patched

- https://github.com/ph4ntonn/CVE-2021-3156

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/pmihsan/Sudo-HeapBased-Buffer-Overflow

- https://github.com/popyue/HackTheBox

- https://github.com/pranjalsharma03/OSCP

- https://github.com/promise2k/OSCP

- https://github.com/puckiestyle/CVE-2021-3156

- https://github.com/pvnovarese/2022-02-enterprise-demo

- https://github.com/pvnovarese/2022-04-enterprise-demo

- https://github.com/pvnovarese/2022-04-suse-demo

- https://github.com/pvnovarese/2022-06-enterprise-demo

- https://github.com/pvnovarese/2022-08-enterprise-demo

- https://github.com/pvnovarese/2022-09-enterprise-demo

- https://github.com/pvnovarese/2023-01-enterprise-demo

- https://github.com/pvnovarese/2023-02-demo

- https://github.com/q77190858/CVE-2021-3156

- https://github.com/qxxxb/ctf_challenges

- https://github.com/r0eXpeR/pentest

- https://github.com/r3k4t/how-to-solve-sudo-heap-based-bufferoverflow-vulnerability

- https://github.com/r4j0x00/exploits

- https://github.com/rahardian-dwi-saputra/TryHackMe-WriteUps

- https://github.com/raulvillalpando/BufferOverflow

- https://github.com/ravibalanraju/vulnerability-reports-case-studies

- https://github.com/realbugdigger/Vuln-Analysis

- https://github.com/redhawkeye/sudo-exploit

- https://github.com/ret2basic/SudoScience

- https://github.com/revanmalang/OSCP

- https://github.com/reverse-ex/CVE-2021-3156

- https://github.com/rfago/tpas-binary-exploitation

- https://github.com/rosariofl/Red-vs-Blue-Project

- https://github.com/s1lver-lining/Starlight

- https://github.com/sandesvitor/simple-ansible-lab

- https://github.com/saucer-man/exploit

- https://github.com/scaryPonens/cve_bot

- https://github.com/schoi1337/dockout

- https://github.com/sereok3/buffer-overflow-writeups

- https://github.com/seyrenus/my-awesome-list

- https://github.com/sharkmoos/Baron-Samedit

- https://github.com/shishirpandey18/CVE-2021-3156

- https://github.com/siddicky/yotjf

- https://github.com/skilian-enssat/datura-ctf

- https://github.com/software-engineering-and-security/cfi-practical-guideline

- https://github.com/soosmile/POC

- https://github.com/sparktsao/auto-pen-bench-study

- https://github.com/stong/CVE-2021-3156

- https://github.com/stong/writing

- https://github.com/stressboi/TA-Samedit

- https://github.com/substing/internal_ctf

- https://github.com/substing/vulnerability_capstone_ctf

- https://github.com/sujallamichhane18/DestroyGPT

- https://github.com/sujallamichhane18/DestroyerGPT

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/tainguyenbp/linux-cve

- https://github.com/teamtopkarl/CVE-2021-3156

- https://github.com/ten-ops/baron-samedit

- https://github.com/teresaweber685/book_list

- https://github.com/thisguyshouldworkforus/ansible

- https://github.com/tnguy21/DDC-Regionals-2024

- https://github.com/trhacknon/Pocingit

- https://github.com/tunjing789/Employee-walkthrough

- https://github.com/txuswashere/OSCP

- https://github.com/tzwlhack/Vulnerability

- https://github.com/uhub/awesome-c

- https://github.com/unauth401/CVE-2021-3156

- https://github.com/usdogu/awesome-stars

- https://github.com/voidlsd/CVE-2021-3156

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/weto91/GitHub_Search_CVE

- https://github.com/whoforget/CVE-POC

- https://github.com/wiiwu959/Pentest-Record

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/worawit/CVE-2021-3156

- https://github.com/wsmaxcy/Cat-Pictures-2-Writeup

- https://github.com/wurwur/CVE-2021-3156

- https://github.com/xcode96/REDME

- https://github.com/xhref/OSCP

- https://github.com/xsudoxx/OSCP

- https://github.com/xtaran/sshudo

- https://github.com/xthemystik/xframe

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/yaunsky/cve-2021-3156

- https://github.com/yifengyou/sudo-1.8.29

- https://github.com/ymrsmns/CVE-2021-3156

- https://github.com/youwizard/CVE-POC

- https://github.com/ypl6/heaplens

- https://github.com/zecool/cve

- https://github.com/zhanpengliu-tencent/medium-cve