# Sudo Heap Overflow Baron Samedit (CVE-2021-3156)
## Introduction
> This repository was created for study purposes. It contains some tools for studying the sudo Baron Samedit vulnerability and an exploit for it.
> Thanks to the [Qualys Team](https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt) for discovering the vulnerability, and to [Worawit](https://github.com/worawit/CVE-2021-3156) and [0xdevil](https://github.com/0xdevil/CVE-2021-3156) for their interesting writeups.
## Usage
> The Docker directory contains a Docker container used for studying some parts of the vulnerability:
- Use ```make all``` to start the container.
- Use ```make root``` to open a shell as root.
- Use ```make user``` to open a shell as an unprivileged user.
> Note that the exploit will not work inside the Docker container, at least not on ```Mac OS Big Sur``` with ```docker-machine```.
> The environment directory contains ```debug.py``` and ```gdb_config```, used for debugging sudo. The subdirectory ```src``` contains some parts of the source code.
>
> The ```source``` directory contains all the sudo code.
>
> The ```exploit``` directory contains the Python exploit developed for this project and the malicious shared library used to spawn a root shell.
- Compile the malicious shared library: ```gcc -shared -o X1234.so.2 -fPIC X1234.c```
- Run the exploit: ```python3 exploit.py```
- Enjoy the root shell
> The exploit was tested on:
- ```Ubuntu 20.04```
- ```ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31 Copyright (C) 2020 Free Software Foundation, Inc.```
- ```sudo version: 1.8.31```
> It may not work on other versions: the sizes and offsets hard-coded in the exploit are tuned to this glibc and sudo build, so on another target try adjusting those numbers in the code. Before running it, check that the target is actually unpatched; as the Qualys advisory linked above describes, running ```sudoedit -s /``` as an unprivileged user prints an error starting with ```sudoedit:``` on a vulnerable sudo and one starting with ```usage:``` on a fixed one.
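The following is an added example written for this README, not code from this repository or from sudo itself. It re-creates the argument-unescaping loop of ```set_cmnd()``` from sudo 1.8.31 (the loop described in the Qualys advisory; the real source is in the ```source``` directory) next to the fixed version, runs both over a constructed memory image in which the argument ```x\``` is followed by other bytes, and measures how far each copy runs past the size that ```set_cmnd()``` computes for its ```malloc()```. The argument string, the bytes placed after it, and the function names are assumptions made for the demonstration; the destination buffer is oversized so that the demo itself stays in bounds.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Allocation size as computed in set_cmnd(): the length of every
 * argument plus one byte each for the separating space / final NUL.
 * (sudo iterates from NewArgv + 1; here av already lists the arguments.)
 */
static size_t args_alloc_size(char **av)
{
    size_t size = 0;
    for (; *av != NULL; av++)
        size += strlen(*av) + 1;
    return size;
}

/*
 * Unescaping copy loop as in sudo 1.8.31 (MODE_SHELL branch of
 * set_cmnd()). av must contain at least one argument. Returns the
 * number of bytes written to 'to', including the terminating NUL.
 */
static size_t unescape_copy_vuln(char **av, char *to)
{
    char *start = to, *from;

    for (; (from = *av) != NULL; av++) {
        while (*from) {
            /* Bug: a backslash followed by NUL is "not a space", so
             * from is advanced onto the NUL, the NUL is copied, and the
             * loop keeps reading whatever follows the string in memory. */
            if (from[0] == '\\' && !isspace((unsigned char)from[1]))
                from++;
            *to++ = *from++;
        }
        *to++ = ' ';
    }
    *--to = '\0';
    return (size_t)(to - start) + 1;
}

/* Same loop with the fix: a backslash that ends the string is never skipped. */
static size_t unescape_copy_fixed(char **av, char *to)
{
    char *start = to, *from;

    for (; (from = *av) != NULL; av++) {
        while (*from) {
            if (from[0] == '\\' && from[1] != '\0' &&
                !isspace((unsigned char)from[1]))
                from++;
            *to++ = *from++;
        }
        *to++ = ' ';
    }
    *--to = '\0';
    return (size_t)(to - start) + 1;
}

/*
 * Constructed memory image (assumption, not a real argv): the argument
 * "x\" is immediately followed in memory by the bytes "secret", standing
 * in for whatever sits after the argument string on the real stack.
 */
static char adjacent[] = "x\\\0secret";
static char *demo_argv[] = { adjacent, NULL };

/* Bytes written beyond the computed malloc size by the vulnerable loop. */
size_t vuln_overflow_bytes(void)
{
    char buf[64] = { 0 };                       /* oversized on purpose */
    size_t size = args_alloc_size(demo_argv);   /* 3: 'x', '\', NUL */
    size_t written = unescape_copy_vuln(demo_argv, buf);
    return written > size ? written - size : 0;
}

/* The same measurement with the fixed loop. */
size_t fixed_overflow_bytes(void)
{
    char buf[64] = { 0 };
    size_t size = args_alloc_size(demo_argv);
    size_t written = unescape_copy_fixed(demo_argv, buf);
    return written > size ? written - size : 0;
}

int main(void)
{
    printf("computed malloc size: %zu bytes\n", args_alloc_size(demo_argv));
    printf("vulnerable loop writes %zu bytes past it\n", vuln_overflow_bytes());
    printf("fixed loop writes %zu bytes past it\n", fixed_overflow_bytes());
    return 0;
}
```

The vulnerable loop writes the NUL plus the six bytes of ```secret``` past the three-byte allocation, which is exactly why a ```sudoedit -s``` argument ending in a lone backslash lets the attacker-controlled data that follows it on the stack (further arguments and environment strings) spill into the heap chunks after ```user_args```; the fixed loop stops at the string's own terminator and stays within the computed size.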