

CVE Series: Sudo Privilege Escalation (CVE-2021-3156)

via Cybrary

Overview

Who should take this course?

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Why take this course?

The Cybersecurity and Infrastructure Security Agency (CISA) ranked CVE-2021-3156 as one of the top routinely exploited vulnerabilities of 2021. This critical vulnerability impacts Sudo before version 1.96p2.

Sudo is one of the most commonly utilized programs for Linux OS and Unix-like operating systems. This utility permits system administrators to give permission for other users to run commands and programs with the privileges of other users - including the root user or administrator with the highest level of access. It’s easy to see how a flaw in this powerful utility could cause problems for security teams!

In January 2021, the Qualys Research Team discovered the sudo vulnerability that became known as CVE-2021-3156. This flaw is a heap-based buffer overflow in sudo that permits an unprivileged local user to simply and quickly escalate to root privileges on a victim’s system. With these privileges, an adversary could launch ransomware attacks and more.

This flaw had actually been present in sudo since July 2011, 10 years ago. Qualys found that the flaw impacts all older, unpatched “legacy” versions of sudo from 1.8.2 to 1.8.31p2 and all “stable” versions from 1.9.0 to 1.9.5p1. The core problem here is that many users and organizations do not routinely update and patch their Linux systems. Without properly mitigating the risk, it’s no surprise that this vulnerability was one of the top 15 exploited flaws in the past year. Our course will help you understand this critical vulnerability from both a technical and a non-technical perspective, so that you can prepare to protect your environment and communicate the severity of this flaw to your security team.

What makes this course different from other courses on similar topics?

After completing this course, you will be able to:

  • Define the Sudo privilege escalation vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders.

  • Exploit this vulnerability using publicly available exploit code.

  • Execute various mitigation tactics to reduce risk.

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can directly apply what you've learned.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against this critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against a dangerous vulnerability impacting Linux systems. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able not only to exploit and mitigate this critical vulnerability, but also to describe its significance to organizational stakeholders.

Syllabus

  • Sudo Priv Escalation Exploitation
    • Introduction and Background
    • Sudo Priv Esc Exploitation
  • Sudo Priv Esc Mitigation
    • Sudo Priv Esc Mitigation

Taught by

Raymond Evans
