CVE-2021-3156
PoC for CVE-2021-3156 (sudo heap overflow). Exploit by @gf_256 aka cts. Thanks to r4j from super guesser for help. Credit to Braon Samedit of Qualys for the original advisory.
Instructions
- wget/curl
- tune RACE_SLEEP_TIME
- gcc exploit.c
- cp /etc/passwd fakepasswd
- modify fakepasswd so your uid is 0
- ./a.out
Tested on Ubuntu 18.04 (sudo 1.8.21p2) and 20.04 (1.8.31)
this bug freaking sucked to PoC, it took like 3 sisyphean days and then suddenly today I just got insanely lucky