Sudo Vulnerability Walkthrough
The most comprehensive video about the recent sudo vulnerability CVE-2021-3156.
sudo - Baron Samedit CVE-2021-3156
Why Pick sudo as a Research Target? - Part 1: Discovering the Bug
The sudo vulnerability that was recently uncovered is critical due to the ubiquity of Linux machines all around us. In this first article, we discuss how to find the vulnerability using a command line argument fuzzing tool, AFL.
How Fuzzing with AFL works
Using LLVM and clang, we were able to fuzz Linux programs in the command line using the AFL fuzzer. Exploiting the fact that sudoedit is symlinked to sudo, we tried to find the CVE-2021-3156 vulnerability using fuzzing methods.
Troubleshooting AFL Fuzzing Problems
In our quest to find the CVE-2021-3156 vulnerability through fuzzing, we found that AFL was using up all of our computer's CPU and disk resources. We addressed this, as well as some user-ID issues.
Finding Buffer Overflow with Fuzzing
We're logging crashes with AFL as we try to fuzz our way towards CVE-2021-3156. The crashes are found to be due to a buffer overflow, so we set out to fix it.
Found a Crash Through Fuzzing? Minimize AFL Testcases!
Our fuzzer found a case that crashes the sudoedit program. We conduct an in-depth analysis of the test case that causes the binary to crash. After being sure that it works, we minimize the test case using AFL's own tool.