module

Sudo Heap-Based Buffer Overflow

Disclosed	Created
Jan 26, 2021	Feb 4, 2021

Disclosed

Jan 26, 2021

Created

Feb 4, 2021

Description

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker
to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2
through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this
implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker
controlled library which results in it being loaded with the elevated privileges held by sudo.

Authors

Qualys
Spencer McIntyre
bwatters-r7
smashery
blasty [email protected]
worawit
Alexander Krog

Platform

Linux,Unix

Architectures

x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/local/sudo_baron_samedit
    msf exploit(sudo_baron_samedit) > show targets
        ...targets...
    msf exploit(sudo_baron_samedit) > set TARGET < target-id >
    msf exploit(sudo_baron_samedit) > show options
        ...show and set options...
    msf exploit(sudo_baron_samedit) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report