Daniel Roberson - Baron Samedit

Daniel Roberson

Baron Samedit

2024-08-28

Baron Samedit (CVE-2021-3156) is a heap overflow vulnerability in the sudo software disclosed by Qualys in 2021.

This bug affects versions 1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1 in their default configurations.

This affects Ubuntu 20.04, Debian 10, Fedora 33 and several others.

https://github.com/worawit/CVE-2021-3156

https://www.exploit-db.com/exploits/49522

https://github.com/CptGibbon/CVE-2021-3156

https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Links to this note

SSH lateral movement

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit