module
Sudo Heap-Based Buffer Overflow
| Disclosed | Created |
|---|---|
| 2021-01-26 | 2021-02-04 |
Disclosed
2021-01-26
Created
2021-02-04
Description
A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker
to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2
through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this
implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker
controlled library which results in it being loaded with the elevated privileges held by sudo.
to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2
through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this
implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker
controlled library which results in it being loaded with the elevated privileges held by sudo.
Authors
Qualys
Spencer McIntyre
bwatters-r7
smashery
blasty blasty@fail0verflow.com
worawit
Alexander Krog
Spencer McIntyre
bwatters-r7
smashery
blasty blasty@fail0verflow.com
worawit
Alexander Krog
Platform
Linux,Unix
Architectures
x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.