Linux sudo permission escalation vulnerability CVE-2021-3156
Vulnerability Description
On January 26, 2021, a serious heap-based buffer overflow vulnerability was discovered in the Linux security tool sudo. When sudo runs a command in shell mode via the -s or -i command-line options, it uses a backslash to escape special characters in the command arguments.
Vulnerability Impact
Sudo 1.8.2 - 1.8.31p2
Sudo 1.9.0 - 1.9.5p1
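An added example, not part of the original post: a Python check that compares a sudo version string against the affected ranges listed above, treating the `pN` suffix as a patch level. It compares upstream version numbers only; distribution packages can carry a backported fix without changing the upstream version, so the vendor advisory decides for a packaged sudo. The hostnames and versions in the sample inventory are constructed.

```python
import re
import subprocess

# Affected upstream ranges as listed on this page (inclusive bounds).
AFFECTED_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?$")


def parse_sudo_version(text):
    """Turn '1.8.31p2' into (1, 8, 31, 2); a missing patch level is p0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True if the upstream version falls inside a range listed on the page."""
    v = parse_sudo_version(version)
    return any(parse_sudo_version(lo) <= v <= parse_sudo_version(hi)
               for lo, hi in AFFECTED_RANGES)


def local_sudo_version():
    """Read the version from the first line of `sudo --version`."""
    out = subprocess.run(["sudo", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()[0].split()[-1]  # "Sudo version 1.8.31" -> "1.8.31"


def triage(inventory):
    """Map host -> 'affected' / 'not affected' / 'unknown' for a host->version dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            # Beta/rc or vendor-specific strings need a manual look.
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"web01": "1.8.31", "db01": "1.9.5p2", "old01": "1.8.1p2",
              "ci01": "1.9.5p1", "lab01": "1.9.6b1"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

To check the machine you are on, pass the result of `local_sudo_version()` to `is_affected()`.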
Vulnerability Reproduction
Currently, a PoC has been released on GitHub.
The Linux environment that can be verified is, here we use the Ubuntu image in Tencent Cloud for reproduction.
Vulnerability POC
This post is licensed under CC BY 4.0 by the author.