← volver
CVE-2021-3156

CVE-2021-3156

CVSS 7.8 HIGHEPSS 99.3%● KEVCWE-193
En resumen

Sudo contiene un defecto que permite a un usuario local obtener acceso de root mediante un comando sudoedit especialmente diseñado que termina con una barra invertida. Afecta versiones antiguas de Sudo y compromete la seguridad del sistema.

Detalle técnico

Un error off-by-one en Sudo anterior a la versión 1.9.5p2 causa desbordamiento de búfer basado en heap al procesar sudoedit con la bandera -s y argumentos terminados en barra invertida. Permite escalación de privilegios local a root; requiere que sudoedit esté disponible para el usuario.

Resumen generado y traducido por IA a partir de la descripción oficial.
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a
PoCs públicas encontradas90
githubgithub.com/blasty/CVE-2021-31561014githubgithub.com/worawit/CVE-2021-3156800githubgithub.com/stong/CVE-2021-3156431githubgithub.com/LiveOverflow/pwnedit227githubgithub.com/Rvn0xsy/CVE-2021-3156-plus205githubgithub.com/CptGibbon/CVE-2021-3156158githubgithub.com/reverse-ex/CVE-2021-3156112githubgithub.com/0x4ndy/clif100githubgithub.com/0xdevil/CVE-2021-315651githubgithub.com/mbcrump/CVE-2021-315639githubgithub.com/mr-r3b00t/CVE-2021-315635githubgithub.com/PhuketIsland/CVE-2021-3156-centos730githubgithub.com/kernelzeroday/CVE-2021-3156-Baron-Samedit17githubgithub.com/jm33-m0/CVE-2021-315616githubgithub.com/redhawkeye/sudo-exploit15githubgithub.com/chenaotian/CVE-2021-315611githubgithub.com/Maalfer/Sudo-CVE-2021-31568githubgithub.com/apogiatzis/docker-CVE-2021-31567githubgithub.com/PurpleOzone/PE_CVE-CVE-2021-31567githubgithub.com/1N53C/CVE-2021-3156-PoC7githubgithub.com/teamtopkarl/CVE-2021-31567githubgithub.com/Mhackiori/CVE-2021-31566githubgithub.com/dinhbaouit/CVE-2021-31565githubgithub.com/yaunsky/cve-2021-31565githubgithub.com/lmol/CVE-2021-31564githubgithub.com/baka9moe/CVE-2021-3156-Exp4githubgithub.com/elbee-cyber/CVE-2021-3156-PATCHER3githubgithub.com/kal1gh0st/CVE-2021-31563githubgithub.com/ph4ntonn/CVE-2021-31563githubgithub.com/musergi/CVE-2021-31562githubgithub.com/lypd0/CVE-2021-3156-checker2githubgithub.com/Q4n/CVE-2021-31562githubgithub.com/SantiagoSerrao/ScannerCVE-2021-31561githubgithub.com/nobodyatall648/CVE-2021-31561githubgithub.com/DASICS-ICT/DASICS-CVE-2021-31561githubgithub.com/q77190858/CVE-2021-31561githubgithub.com/RodricBr/CVE-2021-31561githubgithub.com/binw2018/CVE-2021-3156-SCRIPT1githubgithub.com/0x7183/CVE-2021-31561githubgithub.com/unauth401/CVE-2021-31561githubgithub.com/TheFlash2k/CVE-2021-31561githubgithub.com/donghyunlee00/CVE-2021-31561githubgithub.com/BearCat4/CVE-2021-31561githubgithub.com/DDayLuong/CVE-2021-31560githubgithub.com/Robblackcatchai/porfolio-Baron-Samedit0githubgithub.com/nexcess/sudo_cve-2021-31560githubgithub.com/ymrsmns/CVE-2021-31560githubgithub.com/freeFV/CVE-2021-31560githubgithub.com/Ashish-dawani/CVE-2021-3156-Patch0githubgithub.com/DanielAzulayy/CTF-20210githubgithub.com/cdeletre/Serpentiel-CVE-2021-31560githubgithub.com/perlun/sudo-1.8.3p1-patched0githubgithub.com/gmldbd94/cve-2021-31560githubgithub.com/oneoy/CVE-2021-31560githubgithub.com/capturingcats/CVE-2021-31560githubgithub.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build0githubgithub.com/Exodusro/CVE-2021-31560githubgithub.com/sbladiamond/CVE-2021-31560githubgithub.com/d3c3ptic0n/CVE-2021-31560githubgithub.com/halissha/CVE-2021-31560githubgithub.com/sharkmoos/Baron-Samedit0githubgithub.com/arvindshima/CVE-2021-31560githubgithub.com/HuzaifaTariqAfzalKhan/CVE-Exploit-Research-Development-ITSOLERA0githubgithub.com/VilmarTuminskii/cve-2021-3156-sudo-lab0githubgithub.com/DakerQirszh/cve-2021-31560githubgithub.com/TheLeopard65/CVE-2021-3156-Baron-Samedit0githubgithub.com/Rana-Ali93/CVE-2021-3156-Sudo-Buffer-Overflow-Linux0githubgithub.com/calonnuotcabe/CVE-2021-31560githubgithub.com/Kranti08/CVE-2021-3156-Baron-Samedit0githubgithub.com/hycheng15/CVE-2021-31560githubgithub.com/mutur4/CVE-2021-31560githubgithub.com/asepsaepdin/CVE-2021-31560githubgithub.com/ngtuonghung/CVE-2021-31560githubgithub.com/wurwur/CVE-2021-31560githubgithub.com/acidburn2049/CVE-2021-31560githubgithub.com/Bad3r/CVE-2021-3156-without-ip-command0githubgithub.com/Sebastianbedoya25/CVE-2021-31560githubgithub.com/czeti/baron-samedit0githubgithub.com/Sornphut/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit-0githubgithub.com/shishirpandey18/CVE-2021-31560githubgithub.com/Shuhaib88/Baron-Samedit-Heap-Buffer-Overflow-CVE-2021-31560githubgithub.com/Superliverbun/cve-2021-3156-0githubgithub.com/TopskiyPavelQwertyGang/Review.CVE-2021-31560cve_referencepacketstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49521no verificadocve_referencepacketstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlno verificadocve_referencepacketstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlno verificadocve_referencepacketstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49522no verificadocve_referencepacketstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2021/Feb/42http://seclists.org/fulldisclosure/2021/Jan/79http://seclists.org/fulldisclosure/2024/Feb/3https://kc.mcafee.com/corporate/index?page=content&id=SB10348https://lists.debian.org/debian-lts-announce/2021/01/msg00022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/