Patch sudo NOW! CVE-2021-3156
00:00 Introduction
02:11 How to patch and update to sudo 1.9.5p2
06:21 Conversation with Caleb starts
08:08 Seeing the flaw from sudoedit
09:48 Check if you are patched
12:45 Sudoedit is just a symlink to sudo
14:13 Heap exploitation talk
16:06 The Qualys article differs from Packetstorm
19:10 Fuzzer goals
20:02 The first crash is at a function whose arguments align with execve
21:38 We could fake a SYSTEMD_BYPASS_USERDB executable to run
23:25 Caleb’s primitive fuzzer code
24:42 The failing fuzzer in action (it doesn’t find anything)
25:27 How we could sorta-somewhat bypass ASLR with a partial overwrite
26:55 Trying to compile sudo with debugging symbols (fail)
29:18 Wrap up
Hang with our community on Discord! https://johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond