Highlight: THM: Sudo Baron Samedit CVE-2021-3156 'info' room

Channel:
United Kingdom MSec
Subscribers:
517
Published on ● Video Link: https://www.youtube.com/watch?v=i9N0H1BagUI


Duration: 16:36
72 views
1

In January 2021, Qualys released a blog post detailing a terrifying new vulnerability in the Unix sudo program.

Specifically, this was a heap buffer overflow allowing any user to escalate privileges to root -- no misconfigurations required. This exploit works with the default settings, for any user regardless of sudo permissions, which makes it all the scarier. The vulnerability has been patched, but affects any unpatched version of the sudo program from 1.8.2-1.8.31p2 and 1.9.0-1.9.5p1, meaning that it's been around for the last ten years.

As with CVE-2019-18634 (which we saw in the second sudovulns room), this vulnerability is a buffer overflow in the sudo program; however, this time the vulnerability is a heap buffer overflow, as opposed to the stack buffer overflow we saw before.

[https://tryhackme.com/room/sudovulnssamedit](https://tryhackme.com/room/sudovulnssamedit) -- Watch live at https://www.twitch.tv/msec



Other Videos By MSec


2022-06-25Highlight: THM Crack the hash (easy) | Part #1
2022-06-25Highlight: THM OhSINT (easy)
2022-05-28Highlight: THM: Nmap
2022-05-28Highlight: THM: Google Dorking
2022-05-28Highlight: THM: RustScan
2022-04-26Highlight: THM: Attacktive Directory Room
2022-04-16Highlight: THM: Burp Suite: The Basics 'info' room
2022-04-16Highlight: THM: Apache path traversal CVE-2021-41773/42013 'info' room
2022-04-16Highlight: THM: Burp Suite: Repeater 'info' room
2022-04-16Highlight: THM: Polkit: CVE-2021-3560 'info' room
2022-04-16Highlight: THM: Sudo Baron Samedit CVE-2021-3156 'info' room
2022-04-16Highlight: THM: Sudo Security Bypass CVE-2019-14287 'info' room
2022-04-16Highlight: THM: OverlayFS - CVE-2021-3493 'info' room
2022-04-16Highlight: THM: Sudo Buffer Overflow CVE-2019-18634 'info' room
2022-04-16Highlight: THM: Pwnkit: CVE-2021-4034 'info' room
2022-04-11Highlight: THM: REmux The Tmux 'info' room.
2022-04-11Highlight: THM: Common Attacks 'info' room
2022-04-11Highlight: THM: Python Basics 'info' room
2022-04-11Highlight: THM: Intro to LAN 'info' room
2022-04-08Highlight: THM | Spring4Shell: CVE-2022-22965 'info' room
2022-04-08Highlight: THM | Dirty Pipe: CVE-2022-0847 'info' room


Tags:
bug
bugbounty
bugbountytips
bughunter
burpsuite
coding
cybersecurity
darkweb
ethicalhacker
ethicalhackers
ethicalhacking
exploit
games
hack
hacker
hackerone
hackers
hacking
hackingtools
infosec
kalilinux
linux
metasploit
msec
nmap
owasp
programming
python
security
technology
twitch
virus