all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears

Add to bookmarks
July 12, 2023, 8:18 p.m. | TutorialBoy

DEV Community dev.to




Introduction


In this blog post, we dive into the intricacies of the Sudo Heap Overflow Vulnerability (CVE-2021-3156). On January 26, 2021, Qualys Research Labs discovered a flaw in sudo. When sudo parses the command line parameters, the truncation character is wrongly judged, which leads to the attacker maliciously constructing a payload, causing sudo to overflow the heap. This vulnerability can cause Local privilege escalation.





Environment


environment version


• ubuntu 20.04


• sudo-1.8.31p2


Use the following command to compile and install …

blog blog post command command line critical cve cybersecurity dive flaw infosec introduction january labs linux overflow qualys research research labs security security flaw sudo vulnerability

Visit resource

More from dev.to / DEV Community

Step-by-Step Guide: Setting Up Azure Entra ID with Domain Names and User Management an hour ago | dev.to
access access management active directory apps +24
FLaNK-AIM Weekly 06 May 2024 an hour ago | dev.to
aim ai security apacheflink apachekafka +28
Leveraging Brython for Web Development 4 hours ago | dev.to
code development easier experience +13
From English Teacher to AWS Architect 5 hours ago | dev.to
alex architect aws career +17
InnOlympics Hackathon 2024 7 hours ago | dev.to
hackathon opportunity top 10 webdev
AWS Certified Solutions Architect - Associate 8 hours ago | dev.to
access access management amp architect +48
AWS Certified Solutions Architect - Associate 8 hours ago | dev.to
access access management amp architect +46
File Encryption in Rust 9 hours ago | dev.to
back cryptography don encrypt +12
This is the first Chrome extension I built as a hobby 9 hours ago | dev.to
access chrome chrome extension computer +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

PMO Cybersécurité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Third Party Risk Management - Consultant

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Consultant Cyber Sécurité H/F - Strasbourg

@ Hifield | Strasbourg, France
View on infosec-jobs.com

Information Security Compliance Analyst

@ KPMG Australia | Melbourne, Australia
View on infosec-jobs.com

GDS Consulting - Cyber Security | Data Protection Senior Consultant

@ EY | Taguig, PH, 1634
View on infosec-jobs.com

Senior QA Engineer - Cloud Security

@ Tenable | Israel
View on infosec-jobs.com
View more jobs