How to fine tune timing for CVE-2021-3156 (sudo privilege escalation)?



  • I am trying to execute the sudo buffer overflow (CVE-2021-3156) on one of my systems, but haven't got it working yet. The system is definitely vulnerable (taking into account the sudo version and the sudoedit -A -s \\ output (malloc error)).

    I created a VM with the same Linux version (but no other files) and it worked there. I suppose I need to edit the timing parameter, but I don't know what the value should be. It is 0.01s by default, and it only says it should be increased or decreased depending on the filesystem. I used a Python script to vary it from 0.001s to 0.02s in 0.001s steps, with no success. How do I find the correct value?



  • I still don't know how this would have been done, but I found another working exploit:

    https://github.com/worawit/CVE-2021-3156

    I needed to patch the is_vuln() function here, but then it worked seamlessly.


