Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2021-3156
PUBLISHED
- Vendor: Sudo Project
- Product: Sudo
- Published: Jan 26, 2021
- EPSS: —
Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS scores
- CVSS v3.1 vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2022-04-06 00:00:00 UTC
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
References
- https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
- http://seclists.org/fulldisclosure/2021/Jan/79
- http://www.openwall.com/lists/oss-security/2021/01/26/3
- https://security.gentoo.org/glsa/202101-33
- https://www.debian.org/security/2021/dsa-4839
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
- http://www.openwall.com/lists/oss-security/2021/01/27/1
- http://www.openwall.com/lists/oss-security/2021/01/27/2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
- https://www.kb.cert.org/vuls/id/794544
- http://seclists.org/fulldisclosure/2021/Feb/42
- http://www.openwall.com/lists/oss-security/2021/02/15/1
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.sudo.ws/stable.html#1.9.5p2
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- https://security.netapp.com/advisory/ntap-20210128-0002/
- https://security.netapp.com/advisory/ntap-20210128-0001/
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
- https://support.apple.com/kb/HT212177
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348
- https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
- https://www.synology.com/security/advisory/Synology_SA_21_02
- http://www.openwall.com/lists/oss-security/2021/09/14/2
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- http://www.openwall.com/lists/oss-security/2024/01/30/8
- http://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 06, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/sudo_baron_samedit.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-05-13 01:02:32 UTC · 4 stars
Exploit for Ubuntu 20.04 using CVE-2021-3156 enhanced with post-exploitation scripts
github · Created 2022-12-25 03:58:20 UTC · 0 stars
github · Created 2022-11-03 13:10:23 UTC · 26 stars
Privilege escalation using sudo, targeting only CentOS 7
github · Created 2022-07-04 13:55:24 UTC · 5 stars
Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability
github · Created 2022-01-27 02:31:43 UTC · 8 stars
CVE-2021-3156 POC and Docker and Analysis write up
github · Created 2021-10-13 17:43:51 UTC · 2 stars
github · Created 2021-08-07 08:38:50 UTC · 0 stars
github · Created 2021-06-30 18:00:03 UTC · 1 stars
github · Created 2021-03-19 14:06:09 UTC · 4 stars
Exploit generator for sudo CVE-2021-3156
github · Created 2021-03-15 17:37:02 UTC · 746 stars
Sudo Baron Samedit Exploit
github · Created 2021-02-23 03:14:36 UTC · 0 stars
github · Created 2021-02-09 19:25:18 UTC · 201 stars
CVE-2021-3156 non-interactive command execution
github · Created 2021-02-09 07:55:47 UTC · 16 stars
sudo heap overflow to LPE, in Go
github · Created 2021-02-08 18:21:58 UTC · 51 stars
CVE-2021-3156: Sudo heap overflow exploit for Debian 10
github · Created 2021-02-06 21:16:11 UTC · 5 stars
github · Created 2021-02-03 19:57:56 UTC · 151 stars
Root shell PoC for CVE-2021-3156
github · Created 2021-02-03 09:48:46 UTC · 5 stars
CVE-2021-3156 Vagrant Lab
github · Created 2021-01-31 22:58:13 UTC · 7 stars
A docker environment to research CVE-2021-3156
github · Created 2021-01-31 16:10:11 UTC · 3 stars
Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
github · Created 2021-01-31 03:38:37 UTC · 8 stars
github · Created 2021-01-30 20:39:58 UTC · 975 stars
github · Created 2021-01-30 10:53:26 UTC · 1 stars
checking CVE-2021-3156 vulnerability & patch script
github · Created 2021-01-30 03:22:04 UTC · 435 stars
PoC for CVE-2021-3156 (sudo heap overflow)
github · Created 2021-01-29 19:24:41 UTC · 38 stars
Notes regarding CVE-2021-3156: Heap-Based Buffer Overflow in Sudo
github · Created 2021-01-28 08:55:04 UTC · 4 stars
github · Created 2021-01-28 02:13:49 UTC · 18 stars
1day research effort
github · Created 2021-01-27 21:49:06 UTC · 3 stars
This simple bash script will patch the recently discovered sudo heap overflow vulnerability.
github · Created 2021-01-27 16:35:43 UTC · 1 stars
github · Created 2021-01-26 19:53:04 UTC · 35 stars
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Metasploit