Heap-Based Buffer Overflow in Sudo Affects Multiple Systems
CVE-2021-3156

7.8HIGH

Key Information:

Vendor: Sudo Project
Status: Sudo
Vendor: CVE Published:; 26 January 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%🦅 CISA Reported

Summary

The vulnerability in Sudo prior to version 1.9.5p2 arises from an off-by-one error that can lead to a heap-based buffer overflow. This flaw can be exploited through 'sudoedit -s' when given a command-line argument that concludes with a backslash. Successful exploitation can grant attackers elevated privileges, allowing them to execute arbitrary commands with root access. It is imperative for system administrators to apply the latest patches to mitigate this vulnerability and secure their systems.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-3156
Created by blasty

CVE-2021-3156
Created by worawit

CVE-2021-3156
Created by stong