CVE-2021-3156

[Odvir]

This is my code, it is still unable to properly install sudo though.

[olegbck]

Please don't forget to remove the venv directory

[olegbck]

I can't find the exploit execution code in cvex.yml

[Odvir]

You are right, I didn't realize I accidentally deleted it when trying to clean up code

[olegbck]

It fails:

2024-11-21 12:00:20,277 - INFO - [ubuntu] TASK [Compile and install vulnerable sudo] *************************************
2024-11-21 12:00:21,582 - INFO - [ubuntu] fatal: [ubuntu]: FAILED! => {"changed": true, "cmd": "./configure --prefix=/usr --enable-static\nmake\nmake install\n", "delta": "0:00:00.492920", "end": "2024-11-21 11:00:19.482098", "msg": "non-zero return code", "rc": 127, "start": "2024-11-21 11:00:18.989178", "stderr": "configure: error: in /opt/sudo/sudo-1.8.31':\nconfigure: error: no acceptable C compiler found in $PATH\nSee config.log' for more details\n/bin/sh: 2: make: not found\n/bin/sh: 3: make: not found", "stderr_lines": ["configure: error: in /opt/sudo/sudo-1.8.31':", "configure: error: no acceptable C compiler found in $PATH", "See config.log' for more details", "/bin/sh: 2: make: not found", "/bin/sh: 3: make: not found"], "stdout": "configure: Configuring Sudo version 1.8.31\nchecking for gcc... no\nchecking for cc... no\nchecking for cl.exe... no", "stdout_lines": ["configure: Configuring Sudo version 1.8.31", "checking for gcc... no", "checking for cc... no", "checking for cl.exe... no"]}

[Odvir]

yeah the installation of the sudo is failing right now, I tried a bunch of ways around it but its just not working

[olegbck]

It still fails at this stage:

2024-11-26 12:41:22,494 - INFO - [ubuntu] TASK [Compile and install vulnerable sudo] *************************************
2024-11-26 12:41:23,638 - INFO - [ubuntu] fatal: [ubuntu]: FAILED! => {"changed": true, "cmd": "./configure --prefix=/usr --enable-static\nmake\nmake install\n", "delta": "0:00:00.398282", "end": "2024-11-26 11:41:22.855052", "msg": "non-zero return code", "rc": 127, "start": "2024-11-26 11:41:22.456770", "stderr": "configure: error: in /opt/sudo/sudo-1.8.31':\nconfigure: error: no acceptable C compiler found in $PATH\nSee config.log' for more details\n/bin/sh: 2: make: not found\n/bin/sh: 3: make: not found", "stderr_lines": ["configure: error: in /opt/sudo/sudo-1.8.31':", "configure: error: no acceptable C compiler found in $PATH", "See config.log' for more details", "/bin/sh: 2: make: not found", "/bin/sh: 3: make: not found"], "stdout": "configure: Configuring Sudo version 1.8.31\nchecking for gcc... no\nchecking for cc... no\nchecking for cl.exe... no", "stdout_lines": ["configure: Configuring Sudo version 1.8.31", "checking for gcc... no", "checking for cc... no", "checking for cl.exe... no"]}

[Odvir]

It still fails at this stage:

2024-11-26 12:41:22,494 - INFO - [ubuntu] TASK [Compile and install vulnerable sudo] *************************************
2024-11-26 12:41:23,638 - INFO - [ubuntu] fatal: [ubuntu]: FAILED! => {"changed": true, "cmd": "./configure --prefix=/usr --enable-static\nmake\nmake install\n", "delta": "0:00:00.398282", "end": "2024-11-26 11:41:22.855052", "msg": "non-zero return code", "rc": 127, "start": "2024-11-26 11:41:22.456770", "stderr": "configure: error: in /opt/sudo/sudo-1.8.31':\nconfigure: error: no acceptable C compiler found in $PATH\nSee config.log' for more details\n/bin/sh: 2: make: not found\n/bin/sh: 3: make: not found", "stderr_lines": ["configure: error: in /opt/sudo/sudo-1.8.31':", "configure: error: no acceptable C compiler found in $PATH", "See config.log' for more details", "/bin/sh: 2: make: not found", "/bin/sh: 3: make: not found"], "stdout": "configure: Configuring Sudo version 1.8.31\nchecking for gcc... no\nchecking for cc... no\nchecking for cl.exe... no", "stdout_lines": ["configure: Configuring Sudo version 1.8.31", "checking for gcc... no", "checking for cc... no", "checking for cl.exe... no"]}

ok I got rid of this section so that it doesn't error anymore

[olegbck]

I get this:

2024-12-07 09:24:35,334 - INFO - [ubuntu] Executing 'python3 /opt/exploit/sudo_exploit.py'...
2024-12-07 09:24:35,483 - INFO - [ubuntu] [*] Checking for CVE-2021-3156 vulnerability...
[-] System does not appear vulnerable or incorrect sudo version.
[-] Exiting: System is not vulnerable or exploit unsuccessful.

2024-12-07 09:24:35,487 - INFO - [ubuntu] Executing 'id'...
2024-12-07 09:24:35,616 - INFO - [ubuntu] uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd)

Does it work on your side?

[Odvir]

I get this:

2024-12-07 09:24:35,334 - INFO - [ubuntu] Executing 'python3 /opt/exploit/sudo_exploit.py'...
2024-12-07 09:24:35,483 - INFO - [ubuntu] [*] Checking for CVE-2021-3156 vulnerability...
[-] System does not appear vulnerable or incorrect sudo version.
[-] Exiting: System is not vulnerable or exploit unsuccessful.
2024-12-07 09:24:35,487 - INFO - [ubuntu] Executing 'id'...
2024-12-07 09:24:35,616 - INFO - [ubuntu] uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd)

Does it work on your side?

no. I wasn't able to install the vulnerable sudo on the machine, I just removed the code that caused the error. This is just what I had done by the deadline we had