| Name | sudo_heap_overflow |
| CVE | CVE-2021-3156 |
| Exploit Pack | CANVAS |
| Description | sudo_heap_overflow |
| Notes | CVE Name: CVE-2021-3156 VENDOR: sudo NOTES: The sudo binary is a setuid binary that can elevate a user to root privilege. The exploit uses a heap overflow in the sudo binary, in order to load a shared library at '/tmp/libnss_X/NSS_LIBRARY .so.2' This exploit is currently working on vulnerable versions of Ubuntu 18, 19 and 20 and Debian 10 The exploit was tested on: - Ubuntu Desktop 18.04 (sudo 1.8.31p2) - Debian 10.5 (sudo 1.8.27) VersionsAffected: Affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1. Repeatability: Infinite References: - https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 Date public: 26/01/2021 CVSS: N/A |
| Learn more about the CANVAS Exploit Pack here: CANVAS |