CVE-2021-3156非交互式执行命令

倾旋

Last update: Nov 15, 2022

Overview

CVE-2021-3156

This is a warehouse modification based on @CptGibbon and supports arbitrary command execution.

相关阅读：CVE-2021-3156 - Exploit修改

Root shell PoC for CVE-2021-3156 (no bruteforce)

For educational purposes etc.

Tested on :

@CptGibbon Ubuntu 20.04 against sudo 1.8.31
@Rvn0xsy Ubuntu 17.10

All research credit: Qualys Research Team Check out the details on their blog.

You can check your version of sudo is vulnerable with: $ sudoedit -s Y. If it asks for your password it's most likely vulnerable, if it prints usage information it isn't. You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with $ sudo apt install sudo=1.8.31-1ubuntu1

Usage

$ make

$ ./exploit "Command"

C++ Implementation of "An Equivariant Filter for Visual Inertial Odometry", ICRA 2021

EqF VIO (Equivariant Filter for Visual Inertial Odometry) This repository contains an implementation of an Equivariant Filter (EqF) for Visual Inertia

60 Nov 15, 2022

Offical repo for "Moynihan, M., Ruano, S., Pagés, R. and Smolic, A., 2021. Autonomous Tracking For Volumetric Video Sequences"

MeshTracker A segmentation-based tracking algorithm for registering volumetric video meshes (ply/obj) in C++. This is the official implementation of t

22 Nov 7, 2022

Python and C++ implementation of "MarkerPose: Robust real-time planar target tracking for accurate stereo pose estimation". Accepted at LXCV Workshop @ CVPR 2021.

MarkerPose: Robust Real-time Planar Target Tracking for Accurate Stereo Pose Estimation This is a PyTorch and LibTorch implementation of MarkerPose: a

47 Nov 18, 2022

Repository to keep track of progress; Started learning C on 2nd September 2021.

Repository to keep track of progress. I started learning C on 2nd September 2021. The future: I plan on turning this repository into a tutorial with c

4 Dec 16, 2021

[CVPR 2021] NormalFusion: Real-Time Acquisition of Surface Normals for High-Resolution RGB-D Scanning

NormalFusion: Real-Time Acquisition of Surface Normals for High-Resolution RGB-D Scanning Project Page | Paper | Supplemental material #1 | Supplement

50 Jan 2, 2023

The code for C programming 2021, Department of Computer Science, National Taiwan University.

C2021 .c for sousce code, .in for input file, and .out for correct output. The numbers are the problem indices in the judge system. "make number" to m

6 Jan 10, 2022

Mixed reality VR laser tag using Oculus Quest 2 and OAK-D depth cameras. First prize winner for North America region in OpenCV AI Competition 2021.

34 Jun 3, 2022

Real-time Skeletonization for Sketch-based Modeling (SMI:2021)

Real-time Skeletonization for Sketch-based Modeling (SMI:2021) Demo We provide an executable software under directory "demo_exe/". Tested Environment

247 Dec 21, 2022

Real-Time Neural 3D Hand Pose Estimation from an Event Stream [ICCV 2021]

EventHands: Real-Time Neural 3D Hand Pose Estimation from an Event Stream Project Page Index TRAIN.md -- how to train the model from scratch EVAL_REAL

23 Nov 7, 2022

Comments

Debian9

I'm trying to make it working on my lab with debian9 (ubuntu 17.10 is based on debian9) without success. Is there some parameter that I should check?

Sudo version 1.8.19p1 Sudoers policy plugin version 1.8.19p1 Sudoers file grammar version 45 Sudoers I/O plugin version 1.8.19p1 libc version 2.24-11+deb9u4

opened by Lussien 0

Owner

倾旋

知者不惑，仁者不忧，勇者不惧。

GitHub

PoC for CVE-2021-3156 (sudo heap overflow)

CVE-2021-3156 PoC for CVE-2021-3156 (sudo heap overflow). Exploit by @gf_256 aka cts. Thanks to r4j from super guesser for help. Credit to Braon Samed

433 Jan 4, 2023

Investigating the bug behind CVE-2021-26708

vsock_poc Investigating the bug behind CVE-2021-26708 This repo contains a small writeup about CVE-2021-26708, and how this bug can be turned into a U

25 Sep 19, 2022

2021/3/30 ～ 2021/7/12 に行われる企画「競プロ典型 90 問」の問題・解説・ソースコードなどの資料をアップロードしています。

競プロ典型 90 問日曜を除く毎朝 7:40 に競プロやアルゴリズムの教育的な問題を Twitter（@e869120）に投稿する企画です。本企画は、2021 年 3 月 30 日から 7 月 12 日まで行われる予定です。企画の目的「競プロ典型 90 問」は、競プロ初級者から中上級者（レー

709 Dec 29, 2022

https://cve.mitre.org/

CVE-Mitre Download single CVE The variable is only for example ;) you can make your own SVN script for downloading a single folder = CVE =) BR @nu11se

42 Dec 5, 2022

ICRA 2021 - Robust Place Recognition using an Imaging Lidar

Robust Place Recognition using an Imaging Lidar A place recognition package using high-resolution imaging lidar. For best performance, a lidar equippe

296 Jan 1, 2023

Material for the UIBK Operating Systems Lab (2021)

UIBK Operating Systems Lab 2021 This repository contains material required to complete exercises for the OS lab in the 2021 summer semester, including

13 Nov 3, 2022

Aulas de Sistemas Operativos da turma LI42D no semestre de verão de 2020/2021

ISEL - Sistemas Operativos LI42D - Verão de 2021 Aulas de Sistemas Operativos da turma LI42D no semestre de verão de 2020/2021 Aulas Remotas em Direct

12 May 6, 2022

Official PyTorch Code of GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Monocular 3D Object Detection (CVPR 2021)

GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Monocular 3D Object Detection GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Mo

76 Jan 2, 2023

Code and Data for our CVPR 2021 paper "Structured Scene Memory for Vision-Language Navigation"

SSM-VLN Code and Data for our CVPR 2021 paper "Structured Scene Memory for Vision-Language Navigation". Environment Installation Download Room-to-Room

35 Dec 3, 2022

The official implementation of our CVPR 2021 paper - Hybrid Rotation Averaging: A Fast and Robust Rotation Averaging Approach

Graph Optimizer This repo contains the official implementation of our CVPR 2021 paper - Hybrid Rotation Averaging: A Fast and Robust Rotation Averagin

109 Dec 23, 2022