exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

CVE-2021-3156

Status Candidate

Overview

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Related Files

Gentoo Linux Security Advisory 202208-26
Posted Aug 15, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-31566, CVE-2021-36976, CVE-2022-26280, CVE-2022-28066
SHA-256 | c4a6ea384306cefa4355225cb9e8a1e366ba43987e3c762adfe74c1500242886
Red Hat Security Advisory 2022-5132-01
Posted Jun 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23177, CVE-2021-23222, CVE-2021-25219, CVE-2021-31566, CVE-2021-3634, CVE-2021-3672, CVE-2021-3737, CVE-2021-4189, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-1902, CVE-2022-24407
SHA-256 | bfca0ba942391c6a43c9f8d48bf4d26fb94e10f853c2bf23fb873d2cf0db5c07
Red Hat Security Advisory 2022-1747-01
Posted May 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-41771, CVE-2021-41772, CVE-2021-45960, CVE-2021-46143, CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-25235
SHA-256 | 9f53c43845e6989b1ee838b81e5c8b82022554a46d50f3d5c6ed2d4ad233ec23
Red Hat Security Advisory 2022-1734-01
Posted May 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1734-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-4028, CVE-2021-41190, CVE-2021-41771, CVE-2021-41772, CVE-2021-44716, CVE-2021-44717, CVE-2021-45960, CVE-2021-46143, CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218
SHA-256 | 67eeebb8087b0fc31c8fbd504ec1c532cbcd40628f892f8aff82695c15395b0d
Red Hat Security Advisory 2022-1476-01
Posted Apr 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1476-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-23177, CVE-2021-23566, CVE-2021-31566, CVE-2021-3999, CVE-2021-41190, CVE-2021-4154, CVE-2021-43565, CVE-2021-45960, CVE-2021-46143, CVE-2022-0144, CVE-2022-0155, CVE-2022-0235, CVE-2022-0261, CVE-2022-0318, CVE-2022-0330, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0536, CVE-2022-0778, CVE-2022-0811, CVE-2022-0847, CVE-2022-22822
SHA-256 | 518f87bfae6ff4f29f3572832aa384efe8f2162ebac11f7d53caab2d6df42933
Red Hat Security Advisory 2022-1396-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1396-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-25709, CVE-2020-25710, CVE-2021-0920, CVE-2021-20231, CVE-2021-20232, CVE-2021-21684, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566
SHA-256 | 9c6ace15db6cc4f4efff553e069be87d1d00778ed7287b08bb97673bf221855f
Red Hat Security Advisory 2022-1083-01
Posted Mar 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-23177, CVE-2021-23566, CVE-2021-31566, CVE-2021-3999, CVE-2021-4154, CVE-2021-45960, CVE-2021-46143, CVE-2022-0144, CVE-2022-0155, CVE-2022-0235, CVE-2022-0261, CVE-2022-0318, CVE-2022-0330, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0536, CVE-2022-0847, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825
SHA-256 | 9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23
Red Hat Security Advisory 2022-1081-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566, CVE-2021-3200, CVE-2021-33560, CVE-2021-3445, CVE-2021-3521, CVE-2021-3580, CVE-2021-36084
SHA-256 | 35e0984360562b4b8fbf9fe40fae589355479f6f0de58360c9bbc860cb6a290e
Red Hat Security Advisory 2022-1039-01
Posted Mar 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1039-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-25709, CVE-2020-25710, CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-45960, CVE-2021-46143, CVE-2022-1025, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-24407, CVE-2022-24730, CVE-2022-24731, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | a3aa6dabb32b90d59c78082f139db0780896fec7f29703a5c21de22ea3a9a54a
Red Hat Security Advisory 2022-1041-01
Posted Mar 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1041-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-45960, CVE-2021-46143, CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-1025, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-24407, CVE-2022-24730, CVE-2022-24731, CVE-2022-25235, CVE-2022-25236
SHA-256 | 6445fba90799b01b872171494589c69dffa5557ff9ffa53f46f79a6cee9831a2
Red Hat Security Advisory 2022-1042-01
Posted Mar 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1042-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-25709, CVE-2020-25710, CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-45960, CVE-2021-46143, CVE-2022-0261, CVE-2022-0318, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0413, CVE-2022-0811, CVE-2022-1025, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-24407, CVE-2022-24730
SHA-256 | 5265a1937f32a43b20d3f66c08e5c5c57fd157ff3cf351d7f38e42467527af1a
Red Hat Security Advisory 2022-0892-01
Posted Mar 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0892-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2021-23177, CVE-2021-31566
SHA-256 | 686be55c0541c52f7228bb399f498ef4abc8ee622ecfeb33ac3cc160e6173af6
Heap-Based Overflow Vulnerability In Sudo
Posted Jun 4, 2021
Authored by Akshay Sharma, Yamini Sharma

Whitepaper giving an overview of a heap-based buffer overflow in sudo.

tags | paper, overflow
advisories | CVE-2021-3156
SHA-256 | a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ec
Apple Security Advisory 2021-02-09-1
Posted Feb 12, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-02-09-1 - macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 address code execution and out of bounds write vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2021-1805, CVE-2021-1806, CVE-2021-3156
SHA-256 | d07c6053fe910958b6266e0b88aa65b1bed26755ff3255409dce2e7eae0d9f55
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
Posted Feb 5, 2021
Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.

tags | exploit, overflow, local
advisories | CVE-2021-3156
SHA-256 | cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bc
Red Hat Security Advisory 2021-0401-01
Posted Feb 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0401-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2021-3156
SHA-256 | 034eb3e36fb41523c183cce7fb7db81b540b3f41c75420847bab7b9527045d5c
Red Hat Security Advisory 2021-0395-01
Posted Feb 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0395-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2021-3156
SHA-256 | 49977143520cecce774113ea2a67d42ba9b82c061e235564ca9f6f24094c01be
Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
Posted Feb 3, 2021
Authored by West Shepherd, Baron Samedit, Stephen Tong

Sudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit.

tags | exploit, overflow
advisories | CVE-2021-3156
SHA-256 | 5c92904142e5934f1e20b05addc2261131559831f8576f64bf6cb2dca6f49edb
Sudo Buffer Overflow / Privilege Escalation
Posted Feb 1, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, r4j, cts | Site nu11secur1ty.com

Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2021-3156
SHA-256 | df2faf65c7a84b5633290e4d3a7d6958932b30e7692ccdb236b728a8b89c4678
Debian Security Advisory 4839-1
Posted Jan 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4839-1 - The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.

tags | advisory, overflow, local, root
systems | linux, debian
advisories | CVE-2021-3156
SHA-256 | e618531d43ceeb3d6e8d6ee5e3baaee28ecc28d7ebb4a21ac4e2bbab7d16d3f1
Ubuntu Security Notice USN-4705-2
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-3156
SHA-256 | c49212b15ccc247d4854bbc03d70b7782b5d16c35cb198deb88dd180603d38b6
Sudo Heap-Based Buffer Overflow
Posted Jan 27, 2021
Authored by Qualys Security Advisory

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

tags | exploit, overflow
advisories | CVE-2021-3156
SHA-256 | 49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319f
Gentoo Linux Security Advisory 202101-33
Posted Jan 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23239, CVE-2021-23240, CVE-2021-3156
SHA-256 | 3f9611402a5877782d23f9e9d2f5be342e3982b50a70d76d2296d15cc8e96070
Red Hat Security Advisory 2021-0223-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
SHA-256 | 4932fccbcf1a83deca2314abd187a649434f117ced4a98c7f5cbb7ba1d120aee
Red Hat Security Advisory 2021-0222-01
Posted Jan 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2021-3156
SHA-256 | cbff7c657cb1ac5160a7a0a1d3c44d1edf4ac5b535f9c878c51d94c1ed9ce2e4
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close