CVE-2021-3156 heap overflow in sudo command line / environment argument handling can be exploited on MacOS Big Sur (currently unpatched) by creating a symlink to sudo, additionally I have observed that t_delete() exploitation on Solaris has been updated to prevent negative chunk size overwrites but because you can write NULL's it is possible to reliably exploit this flaw on Solaris 10/11. You should patch Solaris if you use sudo as the repo has an update -

· · Web · 0 · 1 · 1
Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!