Skip to content

Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability

Notifications You must be signed in to change notification settings

Mhackiori/CVE-2021-3156

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation


Logo

CVE-2021-3156

Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability
See report »

Francesco Marchiori · Alessandro Lotto

Table of Contents
  1. Abstract
  2. Visualization
  3. Fuzzing
  4. Exploit
  5. Patch

🧩 Abstract

Any Unix-based Operating System is equipped with the sudo command that allows for a temporary root privileges escalation for those users that are expected to do so. Sudo offers then a critical functionality that if abused may lead to the compromise of the security and reliability of the system itself. Because of its importance within the Operating System, sudo’s source code is subject to frequent testing and code reviews. These have led to discover a heap-based overflow vulnerability, named as CVE-2021-3156, that surprisingly has been hidden for almost 10 years. Neither fuzzing techniques, one of the most used techniques for bug and vulnerability discovery, allowed to spot out it before. In this paper, we analyze in detail the CVE-2021-3156 sudo vulnerability, starting from the buffer overflow vulnerability up to how it can be exploited in order to gain a root shell even being a non-privileged user or not being allowed to use the sudo command.

🖼️ Visualization

In the Visualization directory there are a couple of script that we used to visualize how arguments are parsed with or without backslash characters and to analyze how environment variables affect the heap layout, in order to further understand the structure of the proposed exploit.

🔍 Fuzzing

In the Fuzzing directory there are the files needed to perform fuzzing on the vulnerable version of sudo. It's also reported how to be able to fuzz and how to solve the problems that prevent AFL to work out-of-the-box, thus explaining how the vulnerability has been hidden for almost 10 years.

⚔️ Exploit

In the Exploit directory there are the filed needed to perform the attack on another vulnerable version of sudo. We exploit memory population through environment variables to perform heap feng shui and overwrite the name of the service_user object, in order to execute our own code instead of loading a library.

🛡️ Patch

In the Patch directory there is an overflow_simulation_patch.c script that simulates the behaviour of the overflow and patches it with additional code that we wrote. Since developers at the Sudo project decided to fix the vulnerability flow instead of the code itself, we show a different approach and how it can be fixed with just a few lines of code.

(back to top)

About

Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages