Sudo Baron Samedit

Steps to replicate:

# Check for the version of sudo installed.
sudo -V

In my case, I found the version to be 1.8.29.

Affected Sudo Versions

  1. Sudo 1.8.2 to 1.8.31p2

  2. Sudo 1.9.0 to 1.9.5p1

Fixed Sudo Versions

  1. Sudo 1.8.32

  2. Sudo 1.9.5p2

While reviewing potential exploits, I discovered something related to the Sudo Baron Samedit vulnerability.

The linpeas.sh script also suggests this exploit. I plan to try the following Python script to determine if it can provide shell access.

LogoCVE-2021-3156/exploit_nss.py at main · worawit/CVE-2021-3156GitHub

Start web server and send the file to the victim machine.

Got the shell as root.

PreviousPwnkit vulnerabilityNextCompiling C exploit.

Last updated