However, I didn’t really know what to aim for with the overflow so my first approach was to randomly generate the parameters we control and look for interesting crashes. Affected customers are urged to upgrade to newer versions of sudo. The issue is assigned CVE-2021-3156 and Red Hat Product Security has classified this flaw as having a severity rating of Important. We can insert null bytes (if the string is just “\”, the backslash gets skipped and only the null byte is copied) The sudo package is installed by default on Red Hat Enterprise Linux (RHEL) and allows users to execute commands as other users, most commonly root. CVE-2021-3156 - Exploit Root shell PoC for CVE-2021-3156 (no bruteforce) For educational purposes etc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |