Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears
DEV Community dev.to
Introduction
In this blog post, we dive into the intricacies of the Sudo Heap Overflow Vulnerability (CVE-2021-3156). On January 26, 2021, Qualys Research Labs discovered a flaw in sudo. When sudo parses its command-line parameters, it misjudges the truncation character, which allows an attacker to construct a malicious payload that overflows sudo's heap. This vulnerability can lead to local privilege escalation.
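The misjudged terminator described above, as an added example that is not code from the original post or from sudo: a simplified, bounds-safe model of an unescape loop that skips a backslash even when the next byte is the terminating NUL, shown beside a hardened form. The names `mem`, `alloc_size` and `unescape` and the sample bytes are constructed for illustration; the model only counts the bytes the loop would write and never writes outside its buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: one argument ending in a lone backslash ("abc\"),
 * followed in the same array by bytes standing in for adjacent memory. */
static const char mem[] = "abc\\\0NEXT-DATA\0";

/* Destination is sized from the argument length: strlen(arg) + 1. */
size_t alloc_size(const char *arg) { return strlen(arg) + 1; }

/* Model of the unescape loop. The region [from, end) must end in a NUL.
 * Returns how many bytes the loop wants to write (copied bytes plus one
 * separator); stores are clamped to cap, so the model itself stays in bounds.
 * hardened == 0: a backslash is skipped even when the next byte is the NUL,
 *                so the copy steps over the terminator and keeps going.
 * hardened != 0: a backslash directly before the NUL is copied literally. */
size_t unescape(const char *from, const char *end, char *out, size_t cap,
                int hardened)
{
    size_t n = 0;
    while (from < end && *from) {
        int esc = from[0] == '\\' && !isspace((unsigned char)from[1]);
        if (hardened && from[1] == '\0')
            esc = 0;              /* NUL ends the argument, never "escaped" */
        if (esc)
            from++;               /* flawed case: now pointing at the NUL */
        if (n < cap)
            out[n] = *from;
        n++;
        from++;                   /* flawed case: now past the terminator */
    }
    return n + 1;
}

int main(void)
{
    char out[64];
    const char *end = mem + sizeof(mem);
    printf("allocated: %zu bytes\n", alloc_size(mem));
    printf("flawed loop wants:   %zu bytes\n",
           unescape(mem, end, out, sizeof(out), 0));
    printf("hardened loop wants: %zu bytes\n",
           unescape(mem, end, out, sizeof(out), 1));
    return 0;
}
```

The gap between the allocated size and the flawed loop's write count is the heap overflow: the extra bytes come from whatever follows the argument in memory.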
Environment
environment version
• ubuntu 20.04
• sudo-1.8.31p2
Use the following command to compile and install …