Skip to content

kasperyhr/CSCI620_FinalProject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Makefile
Makefile
 
 
README.md
README.md
 
 
exploit.c
exploit.c
 
 
shellcode.c
shellcode.c
 
 

Repository files navigation

CSCI620_FinalProject

This is the final project of CSCI 620 Operating System Security in NYIT - Vancouver Campus from Newer Younger Imperial Team. A PoC for educational purpose for CVE-2021-3156. You can also find the code: https://github.com/kasperyhr/CSCI620_FinalProject

Environment Setup

This script only tested on Ubuntu 20.04 against sudo 1.8.31. You can check your version of sudo is vulnerable with: $ sudoedit -s Y. If it asks for your password it's most likely vulnerable, if it prints usage information it isn't. You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with $ sudo apt install sudo=1.8.31-1ubuntu1.

Usage

$ make

$ ./exploit

Reference:

  1. https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
  2. https://github.com/CptGibbon/CVE-2021-3156
  3. https://github.com/LiveOverflow/pwnedit/

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages