ameasere/CVE-2021-3156

 
 

CVE-2021-3156 (Sudo Baron Samedit)

This repository is a CVE-2021-3156 exploit targeting Linux x64. For the original writeup by Worawit W., please visit https://datafarm-cybersecurity.medium.com/exploit-writeup-for-cve-2021-3156-sudo-baron-samedit-7a9a4282cb31
Credit to Baron Samedit of Qualys for the original advisory.

Full credit for this fork goes to the original creator: Worawit


simplified_test_case.py is the simplified version of exploit_nss_manual.py found in the original repository. This was tested using Ubuntu 22.04 LTS Beta 1; the ISO can be found here. The Sudo version used here was 1.8.31p2, custom compiled from LiveOverflow; it is identical to the original source but includes debugging symbols and allows all sudo calls to be run as if they were made by unprivileged users, even while on the root account.


Unlike the original repository, this version requires libglibc2.0-dev to be installed with tcache enabled and nscd.service disabled.
