Patch sudo NOW! CVE-2021-3156

00:00 Introduction
02:11 How to patch and update to sudo 1.9.5p2
06:21 Conversation with Caleb starts
08:08 Seeing the flaw from sudoedit
09:48 Check if you are patched
12:45 Sudoedit is just a symlink to sudo
14:13 Heap exploitation talk
16:06 The Qualys article differs from Packetstorm
19:10 Fuzzer goals
20:02 The first crash is at a function which arguments align with execve
21:38 We could fake a SYSTEMD_BYPASS_USERDB executable to run
23:25 Caleb’s primitive fuzzer code
24:42 The failing fuzzer in action (it doesn’t find anything)
25:27 How we could sorta-somewhat bypass ASLR with a partial overwrite
26:55 Trying to compile sudo with debugging symbols (fail)
29:18 Wrap up

Hang with our community on Discord!
If you would like to support me, please like, comment & subscribe, and check me out on Patreon:
Twitter: HammondRead More