This is the final project of CSCI 620 Operating System Security in NYIT - Vancouver Campus from Newer Younger Imperial Team. A PoC for educational purpose for CVE-2021-3156. You can also find the code: https://github.com/kasperyhr/CSCI620_FinalProject
This script only tested on Ubuntu 20.04 against sudo 1.8.31. You can check your version of sudo is vulnerable with: $ sudoedit -s Y
. If it asks for your password it's most likely vulnerable, if it prints usage information it isn't. You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with $ sudo apt install sudo=1.8.31-1ubuntu1
.
$ make
$ ./exploit
Reference: