Sudo Vulnerability Walkthrough
The most comprehensive video about the recent sudo vulnerability CVE-2021-3156.
sudo - Baron Samedit CVE-2021-3156
Why Pick sudo as Research Target? - Part 1: Discovering the Bug
The recently uncovered sudo vulnerability is critical because of the ubiquity of Linux machines all around us. In this first article, we discuss how to find the vulnerability using a command-line argument fuzzing tool, AFL.
How Fuzzing with AFL works
Using LLVM and clang, we were able to fuzz Linux programs on the command line with the AFL fuzzer. Exploiting the fact that sudoedit is symlinked to sudo, we tried to find the CVE-2021-3156 vulnerability using fuzzing methods.
Troubleshooting AFL Fuzzing Problems
In our quest to find the CVE-2021-3156 vulnerability through fuzzing, we found that AFL was using up all of our computer's CPU and disk resources. We addressed this, as well as some user ID issues.