stong / cve-2021-3156 Goto Github PK

I tried the exploit on several different old Centos. Sudo is vulnerable. Exploit fails

CentOS release 6.10 Linux version 2.6.32-696
Sudo version 1.8.6p3
Sudoers policy plugin version 1.8.6p3
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p3
ldd (GNU libc) 2.12

sudoedit -s /
sudoedit: /: not a regular file

if that C as a meme i guess he want work and i tested multiple time on ManjoroOS also on Debian XD

OS: Linux x64 5.8.11-1-MANJARO
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Ram : 8GiB

Hi guys,

As the subject stated, it is self-explanatory. I tried to modify the race sleep time to 1000000000000000 (and yes that is 15 zeros!) Ran the exploit again and it still created 5000 dir again and failed.

The Ubuntu version I have is 18.04.4 LTS. The other thing is that I tried to trial and error is that it goes </etc/passwd> <modifed passwd with uid 0> I am not sure how the exploit links to exploit.c. Changing the extension of exploit.c resulted that the exploit could still run. So I am not sure where the exploit gets the RST parameter value.

Thanks

Edited