{"vulnerability": "CVE-2021-3156", "sightings": [{"uuid": "eaec1b95-a58b-49c7-86c1-55286d8999a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "9da10140-22f5-44ea-832a-399469450344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971500", "content": "", "creation_timestamp": "2024-12-24T20:30:14.707979Z"}, {"uuid": "efd8e329-a1f6-468e-a347-1f8da0ce96d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f7a5df55-29cc-4c42-a2e8-7de95314d8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:37.000000Z"}, {"uuid": "036775d6-1b12-4961-aeb8-79be68c006a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:30.000000Z"}, {"uuid": "03713efc-7497-4267-ac59-1be98dd7e280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", 
"source": "https://poliverso.org/objects/0477a01e-50f1a5f6-768cfe71f5758dad", "content": "", "creation_timestamp": "2025-05-30T12:09:26.248967Z"}, {"uuid": "fdc34721-62c2-41e3-98d4-8f32f3345b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/Darkcrai86/2f210857459fb0d37570b02c1ed6553a", "content": "", "creation_timestamp": "2025-10-02T13:56:22.000000Z"}, {"uuid": "2cfd9fa0-d41a-4811-b906-d54a8bb1bc41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lvifr6mpjk2c", "content": "", "creation_timestamp": "2025-08-03T09:51:16.046451Z"}, {"uuid": "94e60052-7dd3-4bf5-91a4-ebb34a2221d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://infosec.exchange/users/BugBountyShorts/statuses/115391619199780913", "content": "", "creation_timestamp": "2025-10-17T21:26:19.003974Z"}, {"uuid": "3e30e861-1a7a-41e4-878f-05a471a51079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:02.000000Z"}, {"uuid": "12a5bd25-34ec-4667-8dc2-2722df9067be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/jeancristiancustodio/172110471375258e0cc858beb00f07c6", "content": "", "creation_timestamp": "2025-11-15T16:47:57.000000Z"}, {"uuid": 
"90622edb-463f-4b6d-ab44-4229afabf38d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/sudo_baron_samedit.rb", "content": "", "creation_timestamp": "2021-02-04T17:13:25.000000Z"}, {"uuid": "ca8d472a-5344-45fa-ac31-1c5439a4914c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/michaelxg.bsky.social/post/3lxx4jnn6dc2a", "content": "", "creation_timestamp": "2025-09-03T17:06:15.292034Z"}, {"uuid": "d03e5ee9-0aef-426b-afe1-98f6d369eb4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/michaelxg.bsky.social/post/3lxx4m62g3c2a", "content": "", "creation_timestamp": "2025-09-03T17:07:38.562734Z"}, {"uuid": "96c09990-e309-413c-982b-f6ecbdc10092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mfghuwc3tqm2", "content": "", "creation_timestamp": "2026-02-22T06:06:54.371578Z"}, {"uuid": "28f60a35-659d-4ea5-ad6c-cbbcfe2b93c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://bsky.app/profile/armgxxx.bsky.social/post/3mdkf4vlkee2r", "content": "", "creation_timestamp": "2026-01-29T08:37:53.261095Z"}, {"uuid": "f3f4d4a1-4e68-4071-9f2d-727278044fae", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/garagon/a8d92972c465aaeac354cd11668e409a", "content": "", "creation_timestamp": "2026-02-17T13:27:41.000000Z"}, {"uuid": "2f1f4f05-cdbc-46b1-909e-c21cd1a8d223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-3156", "type": "seen", "source": "https://bsky.app/profile/flarestart.bsky.social/post/3mi7moakz242f", "content": "", "creation_timestamp": "2026-03-29T16:59:32.732599Z"}, {"uuid": "e07aa707-2e14-43d0-8d04-edaed54a84b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b6557656-10d6-4e76-9711-368565a4bd59", "content": "", "creation_timestamp": "2026-02-02T12:27:53.330731Z"}, {"uuid": "7ecb07ff-4101-461f-86f1-76a4a1291f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/E2uaRG3ibx0u7X-3lCLRMt1JB-4VLbsHUeFUOFQXBK1KcJ8", "content": "", "creation_timestamp": "2026-01-02T09:00:05.000000Z"}, {"uuid": "2562f8a5-ed2a-49b1-8934-5255a214c6dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/3856", "content": "\u041a\u0430\u043a\u0430\u044f \u043f\u0440\u0435\u043a\u0440\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 sudo 
\n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-27T15:14:09.000000Z"}, {"uuid": "0b24f68a-b357-44da-b917-248062aa3323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3805", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Test payload for CVE-2021-3156. This will cause DoS.\n\nsudoedit -s '\\' `perl -e 'print \"A\" x 65536'", "creation_timestamp": "2021-01-27T05:47:34.000000Z"}, {"uuid": "0dd853b2-3c41-4fc5-a7ba-a467726a2e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/527", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156: Sudo heap overflow exploit for Debian 10\nURL\uff1ahttps://github.com/0xdevil/CVE-2021-3156", "creation_timestamp": "2021-09-14T19:27:37.000000Z"}, {"uuid": "ab3a17f7-5ed8-4c98-ad5c-b5dfcd3682e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/cKure/3803", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \u26a0\ufe0f AWS statement on CVE-2021-3156.\n\nhttps://aws.amazon.com/security/security-bulletins/AWS-2021-001/", "creation_timestamp": "2021-01-27T05:39:27.000000Z"}, {"uuid": "c4c0be6f-f481-4595-aab7-9959b0c65c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3800", 
"content": "\u25a0\u25a0\u25a0\u25a0\u25a0 #Zeroday in sudo command. #0day. Technical details. \n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-27T05:30:07.000000Z"}, {"uuid": "6daa9fff-7e15-4619-9015-58cd68034c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/3799", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 \ud83d\udce2 CVE-2021-3156 | Buffer overflow in command line unescaping.\n\nhttps://www.sudo.ws/alerts/unescape_overflow.html", "creation_timestamp": "2021-01-27T05:27:10.000000Z"}, {"uuid": "c1c0503e-d11f-4c8b-8629-363b936f1e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/g7PPXzsQx3EvDhE5SPzBeDUjd4Cr-dmtNyjjylDsMmWuZRM", "content": "", "creation_timestamp": "2025-06-09T15:00:10.000000Z"}, {"uuid": "e7f15874-d5aa-4ed9-94c5-18e4b00f4192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/cKure/4044", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploit Writeup for CVE-2021\u20133156 (Sudo Baron Samedit)\n\nhttps://datafarm-cybersecurity.medium.com/exploit-writeup-for-cve-2021-3156-sudo-baron-samedit-7a9a4282cb31", "creation_timestamp": "2021-02-22T08:52:25.000000Z"}, {"uuid": "3c62b21b-c736-4e38-a54a-8e938a1464b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1371", 
"content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aRoot shell PoC for CVE-2021-3156\nURL\uff1ahttps://github.com/CptGibbon/CVE-2021-3156", "creation_timestamp": "2022-01-20T23:48:13.000000Z"}, {"uuid": "27e1ef53-6fad-4811-b537-243ef38f607e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1376", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit and Demo system for CVE-2021-3156\nURL\uff1ahttps://github.com/sharkmoos/Baron-Samedit", "creation_timestamp": "2022-01-23T16:39:13.000000Z"}, {"uuid": "69f67e65-f4bb-4de2-b6ca-e9ac76d79c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1260", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 - Sudo Baron Samedit\nURL\uff1ahttps://github.com/LiveOverflow/pwnedit", "creation_timestamp": "2022-01-03T15:13:21.000000Z"}, {"uuid": "8321f574-e86d-4a8a-9d47-5f851d45db3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1415", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 POC and Docker and Analysis write up\nURL\uff1ahttps://github.com/chenaotian/CVE-2021-3156", "creation_timestamp": "2022-01-27T02:34:14.000000Z"}, {"uuid": 
"fc8c3218-8be6-4765-adac-99e66a1a3696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1451", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploit for CVE-2021-3156\nURL\uff1ahttps://github.com/litt1eb0yy/CVE-2021-3156", "creation_timestamp": "2022-01-30T07:01:57.000000Z"}, {"uuid": "aaa1dda6-4f04-43b6-9cd4-588157835a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/RC-neZPZuuAvt0t2tEgin3P3978nN6aW7gbankyPkc-L53I", "content": "", "creation_timestamp": "2025-08-25T21:00:04.000000Z"}, {"uuid": "7ed0468d-6526-47d7-8d7f-9da62b678887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-31562\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.\n\ud83d\udccf Published: 2022-01-21T18:17:40.000Z\n\ud83d\udccf Modified: 2025-04-16T16:47:21.698Z\n\ud83d\udd17 References:\n1. 
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01", "creation_timestamp": "2025-04-16T16:56:06.000000Z"}, {"uuid": "20fa1ac0-4d40-4395-bca2-08dfd4cdef20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/718", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-3156 exploit\nURL\uff1ahttps://github.com/Bubleh21/CVE-2021-3156", "creation_timestamp": "2021-10-20T07:39:22.000000Z"}, {"uuid": "4f4462f8-373f-40b6-ad63-af1ce9813cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/antichat/9556", "content": "Watch \"Critical Sudo Vulnerability Walkthrough // CVE-2021-3156\" on YouTube\nhttps://youtu.be/TLa2VqcGGEQ", "creation_timestamp": "2021-04-22T22:05:46.000000Z"}, {"uuid": "8f445f35-6c9f-4e43-a159-cd3869969300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/GithubRedTeam/44570", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aExploit para explotar la vulnerabilidad CVE-2025-32463\nURL\uff1ahttps://github.com/Maalfer/Sudo-CVE-2021-3156\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-19T10:02:46.000000Z"}, {"uuid": "e4f629ad-4038-4ef6-9877-1af981a982a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2423", 
"content": "Heap-based buffer overflow in Sudo (CVE-2021-3156)\n\nNice write-up and root cause analysis of the bug. \n\nSummary\n========================================================================\n\nWe discovered a heap-based buffer overflow in Sudo\n(https://www.sudo.ws/). This vulnerability:\n\n- is exploitable by any local user (normal users and system users,\n  sudoers and non-sudoers), without authentication (i.e., the attacker\n  does not need to know the user's password);\n\n- was introduced in July 2011 (commit 8255ed69), and affects all legacy\n  versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to\n  1.9.5p1, in their default configuration.\n\nWe developed three different exploits for this vulnerability, and\nobtained full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10\n(Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and\ndistributions are probably also exploitable.\n\nhttps://www.openwall.com/lists/oss-security/2021/01/26/3", "creation_timestamp": "2021-01-26T19:30:14.000000Z"}, {"uuid": "55cc4cb1-20c8-4e7b-aa2c-130f9f65e2cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5319", "content": "\u0422\u0443\u0442 \u0432 Ubuntu \u0440\u0435\u0448\u0438\u043b\u0438 \u0437\u0430\u0442\u0430\u0449\u0438\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433 sudo, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430 Rust \u043d\u0430\u043f\u0438\u0441\u0430\u043d\n\n\u0412\u043e\u043e\u0431\u0449\u0435 \u044d\u0442\u043e \u0437\u043d\u0430\u043a\u043e\u0432\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e\n\n1. 
\u0410\u043d\u0430\u043b\u043e\u0433 \u0431\u0443\u0434\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0443 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\n2. \u042d\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u0439 \u0448\u0430\u0433 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0443\u0442\u0438\u043b\u0438\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0442\u0430\u0440\u044b\u0435 \u0441 \"\u0438\u0441\u0442\u043e\u0440\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c\u0438\"\n\n\u042f \u043b\u0438\u0447\u043d\u043e \u043d\u0435 \u043f\u0435\u0440\u0435\u0445\u043e\u0436\u0443 \u043d\u0438 \u043d\u0430 \u043a\u0430\u043a\u0438\u0435 \u043c\u043e\u0434\u043d\u044b\u0435 \"\ud83d\udca5blazing\ud83d\udcaafast\ud83d\ude80\" \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043f\u043e\u043a\u0430 \u043e\u043d\u0438 \u043d\u0435 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e. 
\u0422\u0430\u043a \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Canonical \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0432 \u043e\u0441\u0435\u043d\u043d\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u043a\u0435 Ubuntu 25.10 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0430\u043d\u0430\u043b\u043e\u0433 \u0443\u0442\u0438\u043b\u0438\u0442\u044b sudo, \u0440\u0430\u0437\u0432\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c sudo-rs \u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Rust. \u0412 \u043c\u0430\u0440\u0442\u0435 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0431\u044b\u043b\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u043e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0437\u0430\u043c\u0435\u043d\u044b \u0443\u0442\u0438\u043b\u0438\u0442 GNU Coreutils \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 uutils. 
\u041d\u0430 \u0441\u0442\u0430\u0434\u0438\u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044f \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b \u043f\u043e \u0437\u0430\u043c\u0435\u043d\u0435 zlib \u0438 ntpd \u043d\u0430 zlib-rs \u0438 ntpd-rs, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044e Sequoia \u0432\u043c\u0435\u0441\u0442\u043e GnuPG \u0432 \u043f\u0430\u043a\u0435\u0442\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 APT.\n\n\u0412 sudo-rs \u043f\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0430 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u043c\u0438 sudo \u0438 su, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c sudo-rs \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0439 \u0437\u0430\u043c\u0435\u043d\u044b sudo \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f. 
\u0414\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043d\u0435 \u0436\u0435\u043b\u0430\u044e\u0449\u0438\u0445 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043d\u0430 uutils \u0438 sudo-rs, \u0432 Ubuntu 25.10 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u043e\u043f\u0446\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u043a\u0430\u0442\u0430 \u043d\u0430 \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442 coreutils \u0438 sudo.\n. . .\n\u0417\u0430\u043c\u0435\u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b \u043f\u043e \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0441\u0442\u0430\u0432\u043a\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u043c\u044b\u0445 \u0441 \u043e\u0433\u043b\u044f\u0434\u043a\u043e\u0439 \u043d\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c, \u043d\u0430\u0434\u0451\u0436\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u044c. 
\u041f\u043e\u0441\u0442\u0430\u0432\u043a\u0430 \u0443\u0442\u0438\u043b\u0438\u0442, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Rust, \u0434\u0430\u0441\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435 \u043a \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0432\u044b\u0445\u043e\u0434 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430. \u0415\u0441\u043b\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u0437\u043d\u0430\u043d \u0443\u0434\u0430\u0447\u043d\u044b\u043c, \u0442\u043e \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043d\u0430 Rust \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 LTS-\u0432\u0435\u0442\u043a\u0435 Ubuntu 26.04.\n\u0412 Ubuntu 25.10 \u0440\u0435\u0448\u0435\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433 sudo, \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 Rust\nhttps://www.opennet.ru/opennews/art.shtml?num=63197\n\n\u041f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Rust 
\u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c. \u0412\u043e\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u044b CVE \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0435\u0441\u044f \u043a sudo\n\n- CVE-2019-18634 - \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 root \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 (https://github.com/saleemrashid/sudo-cve-2019-18634/)\n\n- CVE-2021-3156 - \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 root \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 (https://github.com/worawit/CVE-2021-3156)\n\n\u041d\u043e sudo-rs \u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u043e\u0438\u0442 \u0435\u0449\u0451 \u043c\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u044b, \u0447\u0442\u043e \u0431\u044b \"\u043e\u0431\u043a\u0430\u0442\u0430\u0442\u044c\u0441\u044f\" \u0441 \u043b\u043e\u0433\u0438\u043a\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b. \u0412\u043e\u0442, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2023-42456\n\nFor example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. 
Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames...The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access.\nhttp://cve.org/CVERecord?id=CVE-2023-42456\n\nGitHub \u043f\u0440\u043e\u0435\u043a\u0442\u0430\nhttps://github.com/trifectatechfoundation/sudo-rs", "creation_timestamp": "2025-05-07T21:41:33.000000Z"}, {"uuid": "4ed3dac3-599c-49d4-81d9-ccec81477edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/linuxtnt/2622", "content": "\u0633\u0644\u0627\u0645.\n\u0631\u0641\u0639 \u0628\u0627\u06af \u0633\u0648\u062f:\n\n\u0627\u0633\u0645 \u0628\u0627\u06af\u06cc \u06a9\u0647 \u0647\u0633\u062a:\nThe bug (CVE-2021-3156), dubbed \u201cBaron Samedit,\n\u0646\u0627\u0645 \u062f\u0627\u0631\u0647. \u0628\u0627\u0639\u062b \u0645\u06cc\u0634\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc   \u0631\u0648\u062a \u0628\u0647 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0628\u062f\u0647 \u0628\u062f\u0648\u0646 \u0627\u06cc\u0646\u06a9\u0647 \u062f\u0631 \u0644\u06cc\u0633\u062a sudoers file   \u0628\u0627\u0634\u0647\n\n\u06af\u0641\u062a\u0646 \u0627\u0632 \u0633\u0627\u0644 2011 \u0627\u06cc\u0646 \u0628\u0627\u06af \u0628\u0648\u062f\u0647.\n\u0648\u0627\u0633\u0647 \u0628\u0631\u0631\u0633\u06cc \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062a\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062e\u0648\u062f\u062a\u0648\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f  \u0633\u0648\u062f\u0648\u060c \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u063a\u06cc\u0631 \u0631\u0648\u062a \u0648\u0627\u0631\u062f \u0633\u06cc\u0633\u062a\u0645 \u0634\u0648\u06cc\u062f \u0648 \u06cc\u06a9 \u062f\u0633\u062a\u0648\u0631 \u0631\u0627 \u0627\u062c\u0631\u0627 
\u06a9\u0646\u06cc\u062f:\nsudoedit -s /\n\n\u0627\u06af\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0634\u0645\u0627 \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0627\u0634\u0647 \u062e\u0637\u0627\u06cc\u06cc \u0645\u06cc\u062f\u0647 \u06a9\u0647 \u0628\u0627\nsudoedit\n\u0627\u06af\u0631 \u0647\u0645 \u0646\u0628\u0627\u0634\u0647 \u062e\u0637\u0627\u06cc\u06cc \u0628\u0627 usage\n\u062f\u0627\u062f\u0647 \u0645\u06cc\u0634\u0647.\n\n\u0648\u0627\u0633\u0647 \u0631\u0641\u0639 \u0645\u0634\u06a9\u0644 \u0627\u06cc\u0646 \u0628\u0627\u06af \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0632\u06cc\u0631 \u0631\u0648 \u0628\u0632\u0646\u06cc\u062f:\n\n# For Ubuntu or Debian-based\n$ sudo apt update && sudo apt upgrade \n\n# For Arch Linux\n$ sudo pacman -Syu\n\n# For Fedora\n$ sudo dnf update\n\n\u0628\u0639\u062f \u0627\u067e\u062f\u06cc\u062a \u0628\u0647 Sudo v1.9.5p2 \u062a\u063a\u06cc\u06cc\u0631 \u067e\u06cc\u062f\u0627 \u0645\u06cc\u06a9\u0646\u0647.\n\n\u0627\u06af\u0631 \u062f\u0633\u062a\u06cc \u0628\u062e\u0648\u0627\u0647\u06cc\u062f \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0645\u0633\u06cc\u0631 \u0628\u0631\u06cc\u062f.\nhttps://www.sudo.ws/download.html\n\n********************************************\n\n\n\u06a9\u0627\u0646\u0627\u0644 \u0645\u06a9\u0645\u0644: \u0627\u0645\u0648\u0632\u0634\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0648 \u0627\u0648\u067e\u0646 \u0633\u0648\u0631\u0633 \u0647\u0627                                   @linuxtnt\n\nTelegram\n\u0622\u0645\u0648\u0632\u0634 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0648 \u0627\u0648\u067e\u0646 \u0633\u0648\u0631\u0633\nhttps://t.me/joinchat/QPMh3Khn9izpmzqf", "creation_timestamp": "2021-01-31T03:01:04.000000Z"}, {"uuid": "08745a42-ddcb-436e-8e29-34d736b91ae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": 
"https://t.me/SpiderCodeCommunity1/368", "content": "\u0633\u0645\u0639\u062a \u0639\u0646 \u062a\u062c\u0633\u0633 \u0627\u0644\u062e\u0641\u064a \u0641\u064a \u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 \u061f\u061f\n\n\n\u0627\u0647\u0644\u0627 \u0648\u0633\u0647\u0644\u0627 \u0628\u064a\u0643 \u064a\u0639\u0632\u064a\u0632\u064a \u0641\u064a \u0645\u0642\u0627\u0644 \u062c\u062f\u064a\u062f \ud83d\ude01 \n\n\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0645\u0642\u0627\u0644 :\n\n( \u0627\u062e\u062a\u0631\u0627\u0642 \u0634\u0628\u0643\u0627\u062a \u0627\u062a\u0635\u0627\u0644 \u0644\u064a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 )\n\n\n\u0641\u064a \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0623\u062e\u0637\u0631 \u0627\u0644\u062d\u0645\u0644\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 \u0628\u0644\u063a\u062a \u0634\u0631\u0643\u0647 \n\n(  Palo Alto Networks - Unit 42  )\n\n\n\u0639\u0646 \u0646\u0634\u0627\u0637 \u0645\u0643\u062b\u0641 \u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u062a\u0647\u062f\u064a\u062f \u0645\u062a\u0642\u062f\u0645\u0629 \u062a\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CL-STA-0969 \u0642\u062f\u0631\u062a \u0627\u0646\u0647 \u062a\u0633\u062a\u0647\u062f\u0641 \u062e\u0644\u0627\u0644 \u0639\u0634\u0631 \u0627\u0634\u0647\u0631 \u0643\u0627\u0645\u0644\u0647 \u0627\u0644\u0628\u0646\u064a\u0647 \u0627\u0644\u062a\u062d\u062a\u064a\u0647 \u0627\u0644\u062d\u064a\u0648\u064a\u0647 \u0644\u064a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0627\u0633\u064a\u0627 \n\n\u0648 \u064a\u0639\u062a\u0642\u062f \u0627\u0646 \u0627\u0644\u062a\u062c\u0633\u0633 \u062f\u0627 \u0645\u0646 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062f\u0648\u0644 \ud83d\udd75\ud83c\udffb\n\n\n\u0637\u064a\u0628 \u064a\u0627 
\u0633\u0628\u0627\u064a\u062f\u0631 \u062f\u0648\u0644 \u0647\u062f\u0641\u0647\u0645 \u0627\u064a \u061f\n\n\n\u0647\u062f\u0641\u0647\u0645 \u0627\u062e\u062a\u0631\u0627\u0642 \u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u062f\u0648\u0646 \u0627\u064a \u0639\u0644\u0645 \u0644\u064a \u0627\u064a \u0634\u062e\u0635 ( \u0633\u0631\u064a\u0647 \u062a\u0627\u0645\u0647 )\n\n\n\n\u0627\u0644\u062a\u062d\u0642\u064a\u0642\u0627\u062a \u0627\u0638\u0647\u0631\u062a \u0627\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u0643\u0627\u0646 \u0645\u0646 \u0641\u0628\u0631\u0627\u064a\u0631 \u0644\u062d\u062f \u0646\u0648\u0641\u0645\u0628\u0631 2024 \u0648 \u0643\u0627\u0646 \u0627\u0644\u0647\u062f\u0641 \u0644\u0627\u0633\u0627\u0633\u064a \u0645\u0646 \u062f\u0627 \u0639\u0645\u0644 rce \u0645\u0646 \u063a\u064a\u0631 \u0644\u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a  \u0644\u064a \u062a\u0641\u0627\u0639\u0644 \u0639\u0634\u0627\u0646 \u0633\u0631\u0642\u0647 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \n\n\n\u0644\u062d\u0638\u0647 \u0628\u0633 \u0627\u064a \u0647\u0648\u0627 rce \u061f\n\n\u0628\u062e\u062a\u0635\u0627\u0631 rce \u0647\u064a\u0627 \u0647\u062c\u0645\u0647 \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647 \u0647\u062f\u0641\u0647 \u0627\u0646\u0647 \u062a\u0639\u0645\u0644 \u0627\u062e\u062a\u0631\u0627\u0642 \u0648 \u062a\u062d\u0643\u0645 \u0641\u064a shell \u0644\u064a \u0627\u0644\u0636\u062d\u064a\u0647 \u0648 \u062f\u064a \u0645\u0646 \u0627\u062e\u0637\u0631 \u0647\u062c\u0645\u0627\u062a \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647\n\n\n\u0637\u064a\u0628 \u0627\u0634\u0631\u062d \u0644\u064a\u0646\u0627 \u0645\u062b\u0627\u0644 \u0639\u0646 \u0647\u062c\u0648\u0645 \u061f\n\n\n\u0647\u0645\u0627 \u0627\u0633\u062a\u062e\u062f\u0645\u0648 \u0627\u062f\u0647 \u0627\u0633\u0645\u0647 \n\n( Cordscan )\n\n\u0628\u062d\u064a\u062b \u0627\u0646\u0647\u0645 \u064a\u062c\u0645\u0648\u0639 
\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0639\u0646 \u0644\u0627\u062c\u0647\u0627\u0632\u0647 \u0648 \u0644\u062d\u062f \u0648\u0642\u062a\u0646\u0627 \u0647\u0630\u0627 \u0645\u062d\u062f\u0634 \u0644\u0642\u064a \u062f\u0644\u064a\u0644\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u0639\u0645\u0644\u0648 brute-force \u0639\u0644\u0649 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SSH\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u062f\u062e\u0644\u0648 \u0641\u064a ssh \u0648 \u0632\u0631\u0639\u0648\u0627 malware \n\n\nAuthDoor : \u0648\u062d\u062f\u0629 \u0645\u0635\u0627\u062f\u0642\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0642\u0648\u0645 \u0628\u0633\u0631\u0642\u0629 \u0643\u0644\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u0648\u0631 \u0648\u062a\u0648\u0641\u0631 \u0648\u0635\u0648\u0644 \u062f\u0627\u0626\u0645 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \"\u0643\u0644\u0645\u0629 \u0645\u0631\u0648\u0631 \u0633\u062d\u0631\u064a\u0629\".\n\nCordscan : \u0623\u062f\u0627\u0629 \u0644\u0641\u062d\u0635 \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0627\u0644\u062a\u0642\u0627\u0637 \u0627\u0644\u062d\u0632\u0645.\n\nGTPDOOR: \u0645\u0635\u0645\u0645\u0629 \u062e\u0635\u064a\u0635\u064b\u0627 \u0644\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0642\u0631\u064a\u0628\u0629 \u0645\u0646 \u062a\u0628\u0627\u062f\u0644 \u062a\u062c\u0648\u0627\u0644 GPRS.\n\nEchoBackdoor: \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0633\u0644\u0628\u064a \u064a\u0633\u062a\u062e\u062f\u0645 \u062d\u0632\u0645 ICMP \u0644\u062a\u0644\u0642\u064a \u0648\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0646\u062a\u0627\u0626\u062c.\n\nSGSN Emulator (sgsnemu) : \u0644\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u062c\u062f\u0631\u0627\u0646 \u0627\u0644\u0646\u0627\u0631\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u062a\u0644\u0627\u0639\u0628 
\u0628\u0627\u0644\u0634\u0628\u0643\u0629.\n\nChronosRAT : \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0642\u0627\u062f\u0631\u0629 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0634\u0644 \u0643\u0648\u062f\u060c \u0623\u062e\u0630 \u0644\u0642\u0637\u0627\u062a \u0634\u0627\u0634\u0629\u060c \u062a\u0633\u062c\u064a\u0644 \u0636\u063a\u0637\u0627\u062a \u0627\u0644\u0645\u0641\u0627\u062a\u064a\u062d\u060c \u0625\u0644\u062e.\n\nNoDepDNS (MyDns) : \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0628\u0644\u063a\u0629 Go \u064a\u062a\u0644\u0642\u0649 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0639\u0628\u0631 DNS \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0648\u062a UDP \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0641\u0630 53.\n\n\n\u0648 \u0627\u062e\u062a\u0631\u0642\u0648 \u0643\u0630\u0627 \u0645\u062c\u0645\u0648\u0639\u0647 \u0632\u064a :\n\nLightBasin (UNC1945): \u062a\u0633\u062a\u0647\u062f\u0641 \u0642\u0637\u0627\u0639 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0645\u0646\u0630 2016.\n\nUNC2891: \u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u0627\u0644\u064a\u0629 \u0647\u0627\u062c\u0645\u062a \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0635\u0631\u0627\u0641 \u0627\u0644\u0622\u0644\u064a.\n\nUNC3886: \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0633\u062a\u063a\u0644\u062a \u062b\u063a\u0631\u0627\u062a \u0641\u064a VMware.\n\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\u0648 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u064a cves \u0632\u064a :\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\u0648 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0643\u0646\u064a\u0643\u0627\u062a \u0644\u064a \u062a\u062e\u0641\u064a \u0632\u064a :\n\n\u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0639\u0628\u0631 DNS tunneling\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 
\u0645\u0634\u063a\u0644\u064a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646 \u0643\u0646\u0642\u0627\u0637 \u0648\u0633\u064a\u0637\u0629\n\n\u0645\u0633\u062d \u0633\u062c\u0644\u0627\u062a \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\n\n\u062a\u0639\u0637\u064a\u0644 SELinux\n\n\u062a\u063a\u064a\u064a\u0631 \u0623\u0633\u0645\u0627\u0621 \u0627\u0644\u0639\u0645\u0644\u064a\u0627\u062a \u0644\u062a\u0628\u062f\u0648 \u0634\u0631\u0639\u064a\u0629 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645\n\n\n\u0648 \u0643\u0627\u0646 \u0641\u064a \u0631\u062f \u0641\u0639\u0644 \u0627\u0644\u062f\u0648\u0644 \u0632\u064a \u0627\u0644\u0635\u064a\u0646 \u0648 \u0627\u0645\u0631\u064a\u0643\u0627 \n\n\n\u062d\u064a\u0646 \u0633\u0627\u0626\u0644 \u0627\u0644\u0631\u0626\u064a\u0633 \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a \u062f\u0648\u0646\u0627\u0644\u062f \u062a\u0631\u0627\u0645\u0628 \u0639\u0644\u0649 \u0642\u0646\u0627\u0629 \u0641\u0648\u0643\u0633 \u0646\u064a\u0648\u0632 \u0639\u0646 \u0647\u062c\u0645\u0627\u062a \u0635\u064a\u0646\u064a\u0629 \u0639\u0644\u0649 \u0646\u0638\u0645 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0644\u0643\u064a\u0629 \u0627\u0644\u0641\u0643\u0631\u064a\u0629 \u0642\u0627\u0644 :\n\n\u0647\u0648 \u0623\u0646\u062a \u0645\u062a\u062e\u064a\u0644 \u0627\u0646\u0646\u0627 \u0645\u0634 \u0628\u0646\u0639\u0645\u0644 \u0643\u062f\u0647 \u061f\u061f\u061f\n\n \u0627\u062d\u0646\u0627 \u0628\u0646\u0639\u0645\u0644 \u062d\u0627\u062c\u0627\u062a \u0643\u062a\u064a\u0631 \u0643\u062f\u0647 \u0627\u0644\u062f\u0646\u064a\u0627 \u0645\u0627\u0634\u064a\u0629 . 
\u0627\u0644\u0639\u0627\u0644\u0645 \u062f\u0647 \" \u0645\u0634 \u0633\u0647\u0644 \"\n\n\u0648\u0643\u0627\u0646 \u0627\u0644\u062d\u062f\u062b \u062f\u0627 \u062c\u0647 \u0645\u0639 \u0648\u0642\u062a \u0627\u0644\u064a \u0627\u0644\u0641\u0631\u064a\u0642 \u0627\u0644\u062a\u0642\u0646\u064a \u0627\u0644\u0635\u064a\u0646\u064a \u062d\u064a\u062b \u0642\u0627\u0644\u0648 \u0627\u0646 \u0627\u0644\u0635\u064a\u0646 \u0647\u064a\u0627 \u0627\u0644\u0633\u0628\u0628 \u0644\u0646\u0647\u0645 \u0642\u062f\u0631\u0648 \u064a\u0644\u0642\u0648 zero day  \u0641\u064a \n\n( Microsoft Exchange )\n\n\n\u0648 \u0631\u0643\u0632 \u0641\u064a \u062f\u064a\n\n\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0623\u0643\u062b\u0631 \u0645\u0646 50 \u062c\u0647\u0627\u0632 \u0639\u0627\u0626\u062f\u064a\u0646 \u0644\u0643\u064a\u0627\u0646 \u0639\u0633\u0643\u0631\u064a \u0635\u064a\u0646\u064a \u0643\u0628\u064a\u0631 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 2022 \u0648\u064a\u0648\u0644\u064a\u0648 2023 \n\n\u0648\u0632\u0639\u0645\u062a \u0627\u0644\u0635\u064a\u0646 \u0623\u0646 \u0627\u0644\u0623\u0647\u062f\u0627\u0641 \u0634\u0645\u0644\u062a \u062c\u0627\u0645\u0639\u0627\u062a \u0648\u0645\u0624\u0633\u0633\u0627\u062a \u0628\u062d\u062b\u064a\u0629 \u0648\u0634\u0631\u0643\u0627\u062a \u062a\u0639\u0645\u0644 \u0641\u064a \u0645\u062c\u0627\u0644\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0648\u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0627\u0644\u0641\u0636\u0627\u0626\u064a \n\n\u0648\u0642\u062f \u0627\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0648\u0646 \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a\u0648\u0646  \u062d\u0633\u0628 \u0632\u0639\u0645 \u0627\u0644\u0635\u064a\u0646  \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629 
\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 \u0648\u0646\u0648\u0641\u0645\u0628\u0631 2024\n\n\n\n\u0627\u0643\u062a\u0628\u0648 \u0644\u064a\u0627 \u0631\u0627\u064a\u0643\u0645 \u0641\u064a \u0627\u0644\u0645\u0642\u0627\u0644 \u062d\u0627\u0648\u0644\u062a \u0627\u062e\u0644\u064a \u0644\u063a\u0647 \u0627\u0644\u0639\u0631\u0628\u064a\u0647 \u0627\u0644\u0641\u0635\u062d\u0647 \u0641\u064a \u0648 \u0634\u0643\u0631\u0627 \u0639\u0644\u064a \u0642\u0631\u0627\u0626\u0647 \u0627\u0644\u0645\u0642\u0627\u0644 \ud83e\udd0d\u2728\n\n\n\u0645\u0635\u062f\u0631 : \n\n\nhttps://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html", "creation_timestamp": "2025-08-03T10:22:58.000000Z"}, {"uuid": "c76a0064-cef9-4cdc-a81e-8854fac015d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/369", "content": "Title:\nCovert Espionage in Asia\u2019s Communication Networks\n\nHello and welcome, dear reader, to a new article \ud83d\ude01\n\nIn one of the most serious cyber espionage campaigns recently discovered, Palo Alto Networks \u2013 Unit 42 reported intense activity from an advanced threat group known as CL-STA-0969, which is believed to have targeted the critical telecommunications infrastructure of Southeast Asia over a span of ten months.\n\nIt is suspected that this operation was state-sponsored \ud83d\udd75\ud83c\udffb\n\n\n---\n\n\ud83e\udde0 So, what was their goal?\n\nTheir primary goal was to silently infiltrate and control telecom networks without detection \u2014 complete stealth.\n\nInvestigations revealed that the attacks occurred between February and November 2024, with the primary objective being Remote Code Execution (RCE) for data theft, without requiring user 
interaction.\n\n\n---\n\n\u26a0\ufe0f Wait \u2014 what is RCE?\n\nRCE (Remote Code Execution) is a cyberattack that allows an attacker to gain access to a system and execute commands remotely via a shell \u2014 one of the most dangerous forms of attack.\n\n\n---\n\n\ud83d\udd0d Example of the attack:\n\nThe attackers used a tool called Cordscan to gather intelligence about network devices.\nTo this day, no direct evidence has been found regarding their initial access point.\n\nThen, they performed brute-force attacks on SSH protocols, eventually gaining access and planting multiple malware payloads:\n\nAuthDoor: A malicious authentication module that steals credentials and allows persistent access using a \"magic password.\"\n\nCordscan: A network scanning and packet capturing tool.\n\nGTPDOOR: Specifically built for telecom networks near GPRS roaming exchanges.\n\nEchoBackdoor: A passive backdoor using ICMP packets for command execution and result delivery.\n\nSGSN Emulator (sgsnemu): Bypasses firewalls through network manipulation.\n\nChronosRAT: Malware capable of executing shellcode, capturing screenshots, keylogging, and more.\n\nNoDepDNS (MyDns): A Go-based backdoor that receives commands over DNS using UDP on port 53.\n\n\n\n---\n\n\ud83c\udfaf Targeted Threat Groups:\n\nThey also interacted with or mimicked operations of other known APTs:\n\nLightBasin (UNC1945): Targeting telecom since 2016.\n\nUNC2891: Financially motivated, known for ATM attacks.\n\nUNC3886: Exploited vulnerabilities in VMware systems.\n\n\n\n---\n\n\ud83e\uddf0 Tools Used:\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\n\n---\n\n\ud83d\udd13 CVEs Exploited:\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\n\n---\n\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Stealth Techniques:\n\nDNS tunneling for traffic obfuscation\n\nUsing compromised telecom infrastructure as intermediate relays\n\nLog tampering and credential wiping\n\nDisabling 
SELinux\n\nRenaming malicious processes to appear legitimate\n\n\n\n---\n\n\ud83c\udf0d International Response \u2013 China & USA\n\nWhen asked on Fox News about alleged Chinese cyberattacks on U.S. telecom infrastructure and intellectual property theft, former U.S. President Donald Trump responded:\n\n> \u201cYou really think we don\u2019t do that too?\nWe do a lot of things like that... the world isn\u2019t simple.\u201d\n\n\n\nThis controversy coincided with statements from a Chinese tech team claiming China was the victim, after discovering a Zero-Day vulnerability in Microsoft Exchange.\n\nThey further alleged that over 50 devices belonging to a major Chinese military entity were compromised between July 2022 and July 2023.\n\nThe Chinese claimed the targets included universities, research institutes, and satellite internet companies.\n\nAccording to their reports, U.S. hackers exploited electronic file system vulnerabilities to compromise the targets between July and November 2024.\n\n\n---\n\nSource:\nThe Hacker News \u2013 CL-STA-0969 Campaign", "creation_timestamp": "2025-08-03T10:00:38.000000Z"}, {"uuid": "5386e87e-5e7c-44f7-bdf0-f712936cf156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/BleepingComputer/9045", "content": "Latest macOS Big Sur also has SUDO root privilege escalation flaw\n\nRecently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw/", "creation_timestamp": "2021-02-03T11:31:25.000000Z"}, {"uuid": "7df8f913-da61-4415-8d70-b4220c868aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/fmCydS8g_rr1eZoXRtWSbnkmJ-MKQbhzsJWUs4lxQafZcasJ", "content": "", "creation_timestamp": "2021-02-01T06:18:24.000000Z"}, {"uuid": "8aac3476-888b-4440-b298-1c42a1c7d6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/Rg02G1EeA15TwWZ1pSDugSv9c8R7BSyf-8mnTk8tekiQrLs", "content": "", "creation_timestamp": "2025-07-18T15:00:06.000000Z"}, {"uuid": "f847ef0e-4655-4582-9b07-e118284f3212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/infobes/301", "content": "CVE-2021-26855/27065 - ProxyLogon MS Exchange Server RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-22986 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-27076 - A Replay-style Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-21193:\nGoogle Chrome Blink code 
execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-27076:\nReplay Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-27889, CVE-2021-27890:\nMyBB RCE Chain\nhttps://blog.sonarsource.com/mybb-remote-code-execution-chain", "creation_timestamp": "2021-03-22T10:14:45.000000Z"}, {"uuid": "7e9efbb2-9ff6-424a-afc1-b1b0f3184f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/alexmakus/3884", "content": "macOS got an update with a fix for the sudo vulnerability \n\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed by updating to sudo version 1.9.5p2.\nCVE-2021-3156: Qualys\n\nhttps://support.apple.com/en-us/HT212177", "creation_timestamp": "2021-02-09T19:47:42.000000Z"}, {"uuid": "eff8aa56-d55b-4941-ad8c-449251a366f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "Kaspersky Lab researchers keep bombarding us with reports; this time they have delivered analysis of exploits and 
vulnerabilities for the first quarter of 2025.\n\nIn the first quarter of 2025, publication of vulnerabilities discovered and fixed in 2024 continued, since some researchers had previously been unable to disclose details.\n\nOverall, the quarter's figures show a fairly large number of registered vulnerabilities, while the dynamics of their registration largely repeat 
previous years.\n\nOverall, many of the TOP 10 CWEs for Microsoft software and the Linux kernel coincide or are analogous, which means the vulnerabilities are based on similar principles, which often leads to attack mechanisms being \"ported\" from Linux to Windows and vice versa.\n\nIn the first quarter of 2025, the number of attacks using exploits for the Windows platform grew compared with the same period last year.\n\nAs before, the lion's 
share of detected exploits targeted Microsoft Office products.\n\nThe researchers note that their solutions most often detected Windows-platform exploits for the following old vulnerabilities: CVE-2018-0802, CVE-2017-11882 (both RCE in Equation Editor), CVE-2017-0199 (Microsoft Office and WordPad).\n\nAll three remained the most widespread throughout 2024, and we expect this trend to continue.\n\nThey are followed by no less popular issues in WinRAR and in the 
Windows operating system itself: CVE-2023-38831 (WinRAR), CVE-2024-35250 (a vulnerability in the ks.sys driver) and CVE-2022-3699 (a vulnerability in the Lenovo Diagnostics driver).\n\nFor the Linux operating system, the most exploits were detected for the following vulnerabilities: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (improper handling of privilege inheritance) and CVE-2021-3156 (heap overflow in the sudo utility).\n\nIn the first quarter of 2025, operating systems, as the most complex software, 
continue to lead in the number of published exploits.\n\nIn addition, steady growth in the number of browser exploits is being recorded - this trend also held throughout all of last year.\n\nThe share of exploits for vulnerabilities in Microsoft Office products also increased.\n\nHaving studied data on APT attacks, Kaspersky Lab singled out the following as the most frequently used in the first quarter of 2025: CVE-2025-0282, CVE-2024-21887 and CVE-2025-0283 (Ivanti 
Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) and others.\n\nNote that the well-known critical vulnerability Zerologon, which allows access to a domain controller, has returned to the TOP 10.\n\nAs the most interesting vulnerabilities published in the first quarter of 2025, the Kaspersky Lab researchers highlighted: \n\n- ZDI-CAN-25373: a vulnerability that breaks the display of lnk file parameters in Windows;\n\n- CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver;\n\n- CVE-2025-24071: 
a NetNTLM hash leak vulnerability in the file system indexer.\n\nDetailed statistics and infographics are in the report.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "ca154f73-0a4f-4349-b474-4acf6d774000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/7XG3Qhyveq0sd-sorvBusAou1bYnK4tFO-cr4qbsp7Vd2w0", "content": "", "creation_timestamp": "2024-08-28T07:50:25.000000Z"}, {"uuid": "aec2381b-c697-4f26-aa58-a6cb5fa7d45a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/ctinow/28130", "content": "Recently discovered CVE-2021-3156 SUDO bug also affects macOS Big Sur\n\nhttps://ift.tt/39KmRKZ", "creation_timestamp": "2021-02-03T18:02:25.000000Z"}, {"uuid": "7bbc954c-936c-4928-bbbe-40bcae973fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/aAToEbDNA_gNIUhyoA2hljK3gxWeXOko5fP_6rpSBJwcFeM", "content": "", "creation_timestamp": "2021-01-27T09:00:26.000000Z"}, {"uuid": "aba9d0d7-c2f8-489e-a86c-bb3da225c7a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", 
"source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"}, {"uuid": "9b00e88b-76ae-47ba-b1dd-9aa3c19de01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/9ZPtMGQ2NTqDlQjOJ_KORtJHj6LrGXIkN7PF8Qy11_r0aZ9d", "content": "", "creation_timestamp": "2025-02-06T02:39:19.000000Z"}, {"uuid": "6451916a-bb0d-4506-a2fb-7e289742e1df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/arpsyndicate/1983", "content": "#ExploitObserverAlert\n\nCVE-2021-3156\n\nDESCRIPTION: Exploit Observer has 373 entries related to CVE-2021-3156. Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.\n\nFIRST-EPSS: 0.965750000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T12:32:10.000000Z"}, {"uuid": "cd12d3e9-f4c8-498c-a36e-d2bd65894c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/arpsyndicate/872", "content": "#ExploitObserverAlert\n\nCVE-2021-3156\n\nDESCRIPTION: Exploit Observer has 324 entries related to CVE-2021-3156. 
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.\n\nFIRST-EPSS: 0.965750000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-02T01:12:34.000000Z"}, 
{"uuid": "5280bd48-5ba6-40bf-8f1b-c3e113ff5cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/5ubDiOPhpE3YXrILNQXATGJJi9BbUr-zrtzW-n3816ppGAI", "content": "", "creation_timestamp": "2025-02-11T10:00:05.000000Z"}, 
{"uuid": "73838298-e907-4b98-ba5d-6c8d99b2012f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\nConvenient because there is no need to compile or set up an environment: checked which kernel, ran the exploit, got smacked in the face with #root\n*\nincludes exploits for:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"}, 
{"uuid": "974d7926-f476-43fb-a897-0c12bd6435f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/leaked_databases/480", "content": "_NOT_ a leaked database but still worth mentioning, since this exploit will greatly increase the capabilities of every skid with a webshell: \n\nSudo has been vulnerable for about 10 years. Good thing I run everything as root already :)\n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-28T08:21:20.000000Z"}, 
{"uuid": "761eed57-cd00-4e5e-9d0e-be32af0cbcd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/5890", "content": "Positive Technologies researchers report increased ExCobalt activity against Russian targets using a new Golang-based backdoor, GoRed.\n\nThe ExCobalt group focuses on cyber espionage and includes several members who have been active since at least 2016, presumably former members of the Cobalt gang.\n\nCobalt attacked financial institutions in order to steal funds and was notable for its use of the CobInt tool, which its successors began using in 2022.\n\nOver the past year, the attacks carried out by the threat actor against Russia targeted various sectors, including government, information technology, metallurgy, mining and telecommunications.\n\nInitial access to environments is gained through a compromised contractor and supply chain attacks, which reflects the high degree of sophistication of the planned campaigns.\n\nExCobalt's methodology involves the use of various tools, such as Metasploit, Mimikatz, ProcDump, SMBExec and Spark RAT, to execute commands on infected hosts, as well as EoP exploits for Linux (CVE-2019-13272, CVE-2021-3156, CVE-2021-4034 and CVE-2022-2586).\n\nGoRed, which has undergone numerous changes since its creation, is a comprehensive backdoor that allows operators to execute commands and collect credentials and detailed information about active processes, network interfaces and file systems.\n\nIt uses the RPC remote procedure call protocol to communicate with its C2.\n\nMoreover, it supports a number of background commands for searching for files and passwords of interest, as well as for enabling a reverse shell. The collected data is then exported to infrastructure controlled by the threat actor.\n\nExCobalt continues to show a high level of activity in attacks on Russian companies, constantly adding new tools to its arsenal and refining its methods.\n\nAt the same time, GoRed keeps gaining new capabilities and functions for collecting victim data, increasing its stealth both inside the infected system and when communicating with the C2.\n\nIn addition, ExCobalt shows flexibility and versatility, supplementing its toolset with modified standard utilities that help the group easily bypass defenses and adapt to changes in them, demonstrating a deep understanding of the victim's weaknesses.", "creation_timestamp": "2024-06-24T14:33:41.000000Z"}, 
{"uuid": "ae609f88-19c1-4b93-adab-06e372f6dd16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/S7Ipgu0vMt50c0baWnLK9ZDMGJrzeFNEpMbERuEw4Udr-Q", "content": "", "creation_timestamp": "2021-03-20T03:08:49.000000Z"}, 
{"uuid": "71bdf008-7f84-44d2-9e1e-75e9bba214b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/Fp_2ZLBngiOhyv14CIKtit6DO5l30RGjm7oxvF-OGmjIyA", "content": "", "creation_timestamp": "2021-03-20T03:03:09.000000Z"}, 
{"uuid": "0acb30df-7351-454a-97f3-7da15f42b881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/381", "content": "CVE-2021-3156 sudo Vulnerability that affects most Linux Systems\n\n#cve-2021-3156 #BufferOverflow #Exploit #InfoSec #Ubuntu #CyberSecurity #Linux\n\nhttps://reconshell.com/cve-2021-3156-sudo-vulnerability-that-affects-most-linux-systems/", "creation_timestamp": "2021-01-30T05:33:24.000000Z"}, 
{"uuid": "d6cfaca9-af6d-4c9a-8429-4053c5ef5ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/1418", "content": "Exactly one week ago we wrote that the latest versions of macOS turned out to be affected by CVE-2021-3156, aka Baron Samedit, a heap overflow vulnerability in sudo. By exploiting it, any local user can gain root privileges on the system without authentication. This is not RCE, of course, but it is not pleasant either. \n\nThe good news is that Apple has released security updates for macOS Big Sur, Catalina and Mojave that fix the bug. \n\nAs usual, we urge all macOS users to update as soon as possible.", "creation_timestamp": "2021-02-10T08:03:55.000000Z"}, 
{"uuid": "12c961bd-9a9d-433e-bb34-002d2c8ac558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/true_secator/1389", "content": "Last week we wrote about the disclosed (but not new) vulnerability CVE-2021-3156, aka Baron Samedit, a heap overflow in sudo that can be exploited by any local user without authentication and has been present since July 2011. Exploiting it results in the hacker obtaining root privileges on the system.\n\nResearchers at the infosec company Qualys developed three exploits for the vulnerability and used them to successfully obtain privileges on Ubuntu 20.04, Debian 10 and Fedora 33. But the experts warned right away that other systems are probably affected by CVE-2021-3156 as well.\n\nQualys called it. The researcher Hacker Fantastic, known offline as Matthew Hickey, co-founder and CTO of Hacker House, reported that MacOS Big Sur is also affected by the vulnerability, with minor modifications.\n\nSeveral researchers confirmed in the comments on Hickey's post that the vulnerability works.\n\nApple's latest security update for macOS does not fix the bug. Apparently there will be an out-of-band patch.", "creation_timestamp": "2021-02-03T09:49:03.000000Z"}, 
{"uuid": "b8f76c07-f1f5-40a7-bcbd-e7c85525ca02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/1372", "content": "The American company Qualys, despite its obvious blunders with SolarWinds Orion, can also do good infosec.\n\nThe researchers discovered a heap overflow vulnerability in sudo that can be exploited by any local user without authentication and has been present since as far back as July 2011. The bug was assigned CVE-2021-3156 and its own name, Baron Samedit.\n\nQualys developed three exploits for the vulnerability and used them to obtain root privileges on Ubuntu 20.04, Debian 10 and Fedora 33. According to the experts, other nix systems are probably affected as well.\n\nEveryone is advised to urgently update sudo to version 1.9.5p2, which was released yesterday.", "creation_timestamp": "2021-01-27T13:50:05.000000Z"}, 
{"uuid": "fcaeb227-5500-449a-886f-95f7401069a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "Telegram/4_8a_MkvOFnrbdUYNrDIriL7lct5WgzqHUY09JdVCm76MA", "content": "", "creation_timestamp": "2021-02-27T14:23:48.000000Z"}, 
{"uuid": "108d309f-b0a1-4f87-90b2-f98273b05837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/alexpolyarny/57f43c066e9cb8be3a2418763cab2f75", "content": "", "creation_timestamp": "2026-04-30T15:29:18.000000Z"}, 
{"uuid": "e7377b53-00a5-46eb-85dc-360882149093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31567", "type": "seen", "source": "https://t.me/cibsecurity/36480", "content": "\u203c CVE-2021-31567 \u203c\n\nAuthenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T22:21:59.000000Z"}, 
{"uuid": "a4ee4dc6-f936-4b77-a691-8202a6f0e2db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31562", "type": "seen", "source": "https://t.me/cibsecurity/36049", "content": "\u203c CVE-2021-31562 \u203c\n\nThe SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an entity to gain access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T22:13:42.000000Z"}, 
{"uuid": "d1195315-2a20-4c22-965b-99bbce73376e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/cibsecurity/22691", "content": "\u203c CVE-2021-3156 \u203c\n\nSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-27T00:36:47.000000Z"}, 
{"uuid": "03d94c43-565e-41f2-b8b1-5301649369d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/bY_MpS1ko59Bih8aJrT0olVpy6o50zhn89cufYuKiR0JOQ", "content": "", "creation_timestamp": "2021-01-27T16:41:29.000000Z"}, 
{"uuid": "ad2ad608-a40e-41a4-960f-e224317c88e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/thehackernews/1030", "content": "Apple releases a security patch for 10-year-old macOS SUDO root privilege escalation vulnerability, tracked as CVE-2021-3156, and also called \"Baron Samedit.\"\n\nRead details \u2014 https://thehackernews.com/2021/02/apple-patches-10-year-old-macos-sudo.html", "creation_timestamp": "2021-02-10T11:35:33.000000Z"}, 
{"uuid": "636a8372-b3ec-4f54-8ec6-50ddd80615fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/itsecalert/130", "content": "\u26a0\ufe0fBuffer overflow in sudo (linux utility) - \u2757\ufe0f affects most distributions/versions - CVE-2021-3156\nWhile a local user is required to exploit this vulnerability, even the account 'nobody' can exploit this vulnerability. An unprivileged user can gain root privileges on affected hosts!\n\nCheck if you are affected!\nTo check if you are affected, run sudoedit -s / as non-root user. If the response is sudoedit: your system is vulnerable.\n\nThe following \"sudo\" versions are vulnerable\n* All legacy versions from 1.8.2 to 1.8.31p2\n* All stable versions from 1.9.0 to 1.9.5p1\n\nSeverity: \ud83d\udd38High\n\nAdditional information\nhttps://yt.gl/sudobufferoverflow\n\n#alert #severityHigh #vulnerability #linux #sudo \n\n\ud83c\udf1f Feel free to discuss this issue in @itsectalk \ud83d\udc4d Please vote if this information was helpful to you.", "creation_timestamp": "2021-01-27T10:50:52.000000Z"}, {"uuid": "e8145227-f0f4-4c44-9763-061a53b107a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2577", "content": "#exploit\nCVE-2021-3156 (\"Baron Samedit\"):\nHeap-Based Buffer Overflow in Sudo\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit\n// affects all legacy versions from 1.8.2 to 1.8.31p2, all stable versions from 1.9.0 to 1.9.5p1 in their default configuration", "creation_timestamp": "2024-10-09T19:50:12.000000Z"}, {"uuid": "708be98a-a3db-4960-9a24-f07e197cd2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": 
"https://t.me/CyberSecurityTechnologies/2605", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (january 1-31)\nCVE-2021-3156:\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-16875:\nhttps://t.me/cybersecuritytechnologies/1751\nCVE-2020-29583:\nhttps://t.me/cybersecuritytechnologies/2386\nCVE-2021-2109:\nhttps://t.me/cybersecuritytechnologies/2540\nCVE-2020-17519:\nhttps://t.me/cybersecuritytechnologies/2473\nCVE-2020-25684/25685/25686:\nhttps://t.me/cybersecuritytechnologies/2534\nCVE-2021-3011:\nhttps://t.me/cybersecuritytechnologies/2447", "creation_timestamp": "2025-01-04T20:01:45.000000Z"}, {"uuid": "815fa54f-8b0a-4c06-b8f0-a444b66e305d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2807", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 22-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-3177 - Python3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2021-21973 - VMware vCenter SSRF\nhttps://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1\nCVE-2017-0005 - Windows GDI EoP\nhttps://t.me/cybersecuritytechnologies/443\nCVE-2021-24093 - Win Graph. 
Component RCE\nhttps://t.me/cybersecuritytechnologies/2806\nCVE-2021-25281/25282 - SaltStack Exploit\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-25281\nCVE-2018-19518 - PHP IMAP Vuln.\nhttps://t.me/cybersecuritytechnologies/1649", "creation_timestamp": "2021-03-01T11:00:27.000000Z"}, {"uuid": "6d974098-b5d4-4f46-878d-0a5b84d71478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2815", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (feb 1-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2021-24074, CVE-2021-24094, CVE-2021-24086 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday", "creation_timestamp": "2021-03-03T05:37:03.000000Z"}, {"uuid": "2ed80b67-8c8b-4a16-813c-d7d90a19f1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2955", "content": "#Analytics\n10 most exploited vulnerabilities of the week (march 15 - 
21)\nCVE-2021-26855/27065 - ProxyLogon MS Exchange Server RCE\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-22986/22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-27076 - A Replay-style Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-21193:\nGoogle Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-27076:\nReplay Deserialization Attack Against SharePoint\nhttps://t.me/cybersecuritytechnologies/2930\nCVE-2021-27889, CVE-2021-27890:\nMyBB RCE Chain\nhttps://blog.sonarsource.com/mybb-remote-code-execution-chain", "creation_timestamp": "2021-03-29T05:54:18.000000Z"}, {"uuid": "d49c57aa-f21a-453f-85a9-52ac65b999b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3219", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 19-25)\nCVE-2021-3156 Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 Win kernel 0-day\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-22893 Pulse SecureVPN RCE\nhttps://t.me/cybersecuritytechnologies/3185\nCVE-2021-22204 Improper neutralization of user data in DjVu\nhttps://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800\nCVE-2021-26415 Win Installer EoP\nhttps://t.me/cybersecuritytechnologies/3186\nCVE-2021-3493 OverlayFS PE\nhttps://t.me/cybersecuritytechnologies/3164\nCVE-2021-26413 Win Installer 
Spoofing\nhttps://t.me/cybersecuritytechnologies/3176\nCVE-2016-7836 SKYSEA Client View Arbitrary Code Exec\nhttps://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software\nCVE-2021-27905 Apache Solr SSRF\nhttps://t.me/cybersecuritytechnologies/3213", "creation_timestamp": "2021-04-26T11:02:21.000000Z"}, {"uuid": "2c31665c-0efb-48d8-a9c2-c4eff16ea61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2661", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 1-7)\nCVE-2020-1350 - Exploit SIGRed/Windows DNS Server RCE\nhttps://t.me/cybersecuritytechnologies/1422\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2020-7961 - Arbitrary code execution via JSONWS\nhttps://t.me/cybersecuritytechnologies/869\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2019-9041 - ZzzCMS RCE\nhttps://mobile.twitter.com/i/web/status/1357931580098899970\nCVE-2021-22122 - XSS vulnerability in FortiWeb\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-22122\nCVE-2019-5127 - A cmd injection in YouPHPTube Encoder\nhttps://mobile.twitter.com/i/web/status/1357546718821142528\nCVE-2020-17523 - Apache Shiro pathMatches Auth. 
Bypass\nhttps://t.me/cybersecuritytechnologies/2650", "creation_timestamp": "2024-05-22T06:15:17.000000Z"}, {"uuid": "b3475a40-433e-4139-9e1e-1cd35a794f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2712", "content": "#Blue_Team_Techniques\n1. Auditd CVE 2021-3156\nhttps://www.archcloudlabs.com/projects/auditd-cve-2021-3156\n2. Linux IPC inspection tool\nhttps://github.com/guardicore/ipcdump", "creation_timestamp": "2021-02-15T12:00:33.000000Z"}, {"uuid": "2a6dc345-51d8-4e5d-9a64-1b023128d058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2708", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 8-14)\nCVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT in targeted attack\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2020-2037 - Palo Alto PAN-OS vulnerability\nhttps://t.me/cybersecuritytechnologies/2687\nCVE-2021-24074, CVE-2021-24086, CVE-2021-24094 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE vulnerability\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-21017 - Acrobat Reader DC\u00a0a heap-based buffer overflow vulnerability\nhttps://threatpost.com/critical-adobe-windows-flaw/163789\nCVE-2020-24581 - D-Link DSL-2888A AU_2.31_V1x - RCE\nhttps://t.me/cybersecuritytechnologies/2670", "creation_timestamp": "2021-02-15T11:00:19.000000Z"}, {"uuid": 
"f9aaf8c1-5934-4aab-b3e3-cbfe8db80178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2759", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 15-21)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1647 - MS Defender RCE Vulnerability\nhttps://www.anquanke.com/post/id/231625\nCVE-2020-10759 - Dazed Blesbok\nhttps://t.me/cybersecuritytechnologies/1243\nCVE-2021-21976 - VMware Post-Auth RCE in vSphere Replication\nCVE-2021-3177 - Python 3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2020-8625 - A vulnerability in BIND's GSSAPI\nhttps://kb.isc.org/docs/cve-2020-8625\nCVE-2021-20655\nhttps://jvn.jp/en/jp/JVN58774946/index.html\nCVE-2021-1366 - A vulnerability in the interprocess communication channel of Cisco AnyConnect Secure Client\nhttps://www.coresecurity.com/core-labs/articles/analysis-cisco-anyconnect-posture-hostscan-local-privilege-escalation-cve-2021", "creation_timestamp": "2021-02-22T14:45:11.000000Z"}, {"uuid": "aaf34067-07c1-4498-8ebf-ab615e893c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://t.me/LearnExploit/1950", "content": "CVE-2021-3156\n\n\u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc Root \u0628\u06af\u06cc\u0631\u06cc\u062f !\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0633\u0631\u0631\u06cc\u0632\u0650 \u0628\u0627\u0641\u0631 \u0647\u06cc\u067e \u062f\u0631 sudo \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 
\u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0648\u062a \u0628\u06af\u06cc\u0631\u0646\u062f . \n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc sudo ( \u0627\u0632 1.8.2 \u062a\u0627  1.8.31p2 ) \u0648 \u062a\u0645\u0627\u0645 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u067e\u0627\u06cc\u062f\u0627\u0631 \u0622\u0646 ( \u0627\u0632 1.9.0 \u062a\u0627 1.9.5p1 ) \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0642\u0631\u0627\u0631 \u0645\u06cc \u06af\u06cc\u0631\u0646\u062f. \n\n\u067e\u06cc\u0634\u0646\u0647\u0627\u062f \u0645\u06cc\u0634\u0647 \u0647\u0631\u0686\u06cc \u0633\u0631\u06cc\u0639 \u062a\u0631 sudo  \u0631\u0648 \u0627\u0632 \u0644\u06cc\u0646\u06a9\u06cc \u06a9\u0647 \u067e\u0627\u06cc\u06cc\u0646 \u0647\u0633\u062a  \u0628\u0647 \u0646\u0633\u062e\u0647 1.9.5p2 \u0622\u067e\u062f\u06cc\u062a \u06a9\u0646\u06cc\u062f . 
\n\nCVE-2021-3156\n\nSudo \n\niliyahr\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2021-01-28T13:11:39.000000Z"}, {"uuid": "b4c5efb7-9c8e-4883-a4eb-7ff72f45c4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "published-proof-of-concept", "source": "https://t.me/dc7342/39207", "content": "What a wonderful vulnerability in sudo \n\nhttps://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit", "creation_timestamp": "2021-01-28T02:13:09.000000Z"}, {"uuid": "71ed0c26-a9d6-4bd5-8f3a-f011ee1e048c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "exploited", "source": "https://t.me/dc7342/39216", "content": "PoC for sudo https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156", "creation_timestamp": "2021-01-30T07:06:12.000000Z"}, {"uuid": "314980f8-bc4e-45b0-aa30-d2bcb7a977e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/alexpolyarny/91b373b7118a0abcbd4bfeac4a2d9236", "content": "", "creation_timestamp": "2026-04-30T15:27:08.000000Z"}, {"uuid": "eff964ba-7bf4-4f61-b570-7cf0ae2e4f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "Telegram/bHi0C_1X3UQY4vSzaBxEvNEoHfcfml9twdWPYQW312YrRTo", "content": "", "creation_timestamp": "2026-05-28T03:00:06.000000Z"}, {"uuid": 
"9b197a2b-413e-4b8f-b8c8-4100efca9764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3156", "type": "seen", "source": "https://gist.github.com/mimti-94/4aa8b83c3a590b685b9e61aefb2762ed", "content": "\ud83d\udcda 100 QUESTIONS-R\u00c9PONSES JURY TSSR\n\n\ud83d\udc27 LINUX (20 questions)\nQ1 \u2014 Diff\u00e9rence entre apt update et apt upgrade ?\n\napt update = met \u00e0 jour la liste des paquets disponibles. apt upgrade = installe les nouvelles versions des paquets d\u00e9j\u00e0 install\u00e9s. On fait toujours update AVANT upgrade.\n\nQ2 \u2014 Comment analyser un service qui ne d\u00e9marre pas ?\n\nsystemctl status nom_service pour voir l'erreur, puis journalctl -xe pour les logs d\u00e9taill\u00e9s.\n\nQ3 \u2014 R\u00f4le de systemctl ?\n\nCommande qui permet de d\u00e9marrer, arr\u00eater, red\u00e9marrer et surveiller les services Linux.\n\nQ4 \u2014 Diff\u00e9rence lien symbolique et lien physique ?\n\nLien symbolique = raccourci vers un fichier, si l'original est supprim\u00e9 le lien est cass\u00e9. Lien physique = deuxi\u00e8me nom pour le m\u00eame fichier, fonctionne m\u00eame si l'original est supprim\u00e9.\n\nQ5 \u2014 Comment chercher dans les logs ?\n\ngrep \"erreur\" /var/log/apache2/error.log pour chercher un mot. journalctl -u apache2 pour les logs d'un service. tail -f /var/log/syslog pour suivre en temps r\u00e9el.\n\nQ6 \u2014 Expliquer chmod 755 ?\n\n7 = rwx (propri\u00e9taire peut tout faire), 5 = r-x (groupe peut lire et ex\u00e9cuter), 5 = r-x (autres peuvent lire et ex\u00e9cuter).\n\nQ7 \u2014 Diff\u00e9rence entre su et sudo ?\n\nsu = changer d'utilisateur compl\u00e8tement. sudo = ex\u00e9cuter une seule commande en tant qu'administrateur sans changer d'utilisateur.\n\nQ8 \u2014 Comment voir l'espace disque ?\n\ndf -h pour voir l'espace par partition. 
du -sh /dossier to see the size of a directory.\n\nQ9 \u2014 How do you see the running processes?\n\nps aux to list all processes. top or htop for a real-time view.\n\nQ10 \u2014 Difference between /etc/passwd and /etc/shadow?\n\n/etc/passwd = list of users with basic information. /etc/shadow = encrypted passwords, accessible only by root.\n\nQ11 \u2014 How do you create a Linux user?\n\nadduser nomutilisateur \u2014 creates the user along with its home directory automatically.\n\nQ12 \u2014 How do you mount an NFS share?\n\nsudo mount -t nfs IP_SERVEUR:/chemin/partage /point/de/montage\n\nQ13 \u2014 How do you check that a directory is an NFS mount point?\n\nmountpoint -q /chemin \u2014 returns 0 if mounted, 1 if not mounted.\n\nQ14 \u2014 How do you schedule an automatic task?\n\ncrontab -e to edit. Format: minute hour day month day_of_week command. Example: 0 * * * * = every hour.\n\nQ15 \u2014 How do you compress a directory into a tar.gz?\n\ntar -czvf archive.tar.gz /dossier/source\n\nQ16 \u2014 How do you see a file's permissions?\n\nls -lh \u2014 shows the permissions, owner, group, size and date.\n\nQ17 \u2014 Difference between vi and nano?\n\nBoth are text editors. Nano is simpler for beginners. Vi is more powerful but complex.\n\nQ18 \u2014 How do you see active network connections?\n\nss -tuln or netstat -tuln \u2014 shows open ports and active connections.\n\nQ19 \u2014 Role of the /etc/hosts file?\n\nLocal resolution of domain names \u2014 before asking DNS, Linux checks this file.\n\nQ20 \u2014 How do you redirect a command's output to a file?\n\ncommande > fichier.txt to overwrite. 
commande >> fichier.txt to append.\n\n\n\ud83c\udf10 IP NETWORKING (20 questions)\nQ21 \u2014 Difference between a switch and a router?\n\nSwitch = connects machines within the same local network. Router = connects different networks to each other and handles traffic to the Internet.\n\nQ22 \u2014 What is a VLAN and why use one?\n\nVLAN = virtual network on a physical switch. It is used to separate traffic and to improve security and performance without needing several physical switches.\n\nQ23 \u2014 Difference between an Access port and a Trunk port?\n\nAccess = belongs to a single VLAN. Trunk = carries several VLANs at the same time, used between switches.\n\nQ24 \u2014 What is DHCP? The DORA process?\n\nDHCP = automatically assigns an IP to machines. DORA = Discover (I am looking for a DHCP server) \u2192 Offer (here is an available IP) \u2192 Request (I want this IP) \u2192 Acknowledge (it is confirmed).\n\nQ25 \u2014 What is DNS?\n\nDNS = translates a domain name into an IP address. E.g.: google.com \u2192 142.250.74.46.\n\nQ26 \u2014 Difference between a public and a private IP address?\n\nPrivate = used in a local network (192.168.x.x, 10.x.x.x, 172.16.x.x). Public = used on the Internet, unique worldwide.\n\nQ27 \u2014 What is NAT?\n\nNAT = translates private IP addresses into a public address to reach the Internet. Masquerade = the whole network shares a single public IP.\n\nQ28 \u2014 What is LACP?\n\nLink aggregation = grouping several network cables to get more throughput and redundancy. If one cable goes down, the others keep working.\n\nQ29 \u2014 What is RSTP?\n\nProtocol that prevents network loops. 
If two paths exist between two switches, RSTP blocks one of them to avoid a broadcast storm.\n\nQ30 \u2014 What is the MTU?\n\nMaximum Transmission Unit = maximum size of a network packet. Standard MTU = 1500 bytes. Jumbo frames = 9216 bytes for data transfers in the datacenter.\n\nQ31 \u2014 Network diagnostic commands?\n\nping = test whether a machine responds. traceroute = see the path packets take. nslookup = resolve a DNS name. ip r = view the routing table.\n\nQ32 \u2014 What is the OSI model?\n\n7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application. French mnemonic: \"Pour Les Gens, TSSRest Particuli\u00e8rement Adapt\u00e9.\"\n\nQ33 \u2014 Difference between TCP and UDP?\n\nTCP = reliable, checks that packets arrive (HTTP, SSH). UDP = fast but without verification (streaming, DNS).\n\nQ34 \u2014 What is iDRAC?\n\nRemote administration interface for Dell servers. Lets you manage the server even if it is powered off or has crashed \u2014 like a virtual KVM.\n\nQ35 \u2014 What is LLDP?\n\nDiscovery protocol that lets a network device learn about its directly connected neighbors.\n\nQ36 \u2014 How do you calculate a subnet?\n\n/24 = 254 hosts, /25 = 126 hosts, /26 = 62 hosts, /27 = 30 hosts, /28 = 14 hosts. VLSM = split according to actual needs.\n\nQ37 \u2014 What is a default gateway?\n\nThe router's IP address \u2014 when a machine does not know where to send a packet, it sends it to the gateway.\n\nQ38 \u2014 Difference between a hub and a switch?\n\nHub = sends the data to everyone. 
Switch = sends the data only to the right machine thanks to the MAC table.\n\nQ39 \u2014 What is SSH?\n\nSecure, encrypted remote connection protocol. Port 22. Replaces Telnet, which is not encrypted.\n\nQ40 \u2014 What is IGMP snooping?\n\nOptimizes multicast traffic on a switch \u2014 sends multicast streams only to the machines that request them, not to everyone.\n\n\n\ud83d\udcbb VIRTUALIZATION (10 questions)\nQ41 \u2014 Difference between a VM and a container?\n\nVM = complete system with its own OS. Container = shares the host's OS, lighter and faster. Docker = containers. VirtualBox/VMware = VMs.\n\nQ42 \u2014 Type 1 and type 2 hypervisors?\n\nType 1 = installed directly on the hardware (VMware ESXi, Hyper-V). Type 2 = installed on an existing OS (VirtualBox, VMware Workstation).\n\nQ43 \u2014 What is a snapshot?\n\nPicture of a VM's state at a given moment. Lets you roll back if a change breaks something.\n\nQ44 \u2014 Advantages of virtualization?\n\nLower hardware costs, isolation of services, snapshots, easier backups, fast deployment.\n\nQ45 \u2014 What is OPNsense?\n\nOpen source firewall based on FreeBSD. Handles routing, the firewall, NAT, DHCP and VPNs.\n\nQ46 \u2014 What is TrueNAS?\n\nOpen source network storage (NAS) solution. Manages NFS and SMB shares, datasets and ZFS snapshots.\n\nQ47 \u2014 Difference between NAT, Bridge and Internal network modes?\n\nNAT = the VM reaches the Internet through the host and is not reachable from outside. Bridge = the VM has its own IP on the physical network. Internal network = VMs communicate only with each other.\n\nQ48 \u2014 How do you back up a VM?\n\nSnapshot for a quick state. OVF export for a complete backup. 
Backup of the .vmdk files (virtual disk).\n\nQ49 \u2014 What is the role of an MGMT server?\n\nDedicated administration machine \u2014 used only to manage the other equipment, kept separate from the production network for security.\n\nQ50 \u2014 What is NFS?\n\nNetwork File System = protocol for sharing files between Linux machines over the network. The client mounts the share like a local directory.\n\n\n\ud83e\ude9f WINDOWS SERVER / ACTIVE DIRECTORY (15 questions)\nQ51 \u2014 What is Active Directory?\n\nMicrosoft service that centrally manages users, computers and access rights in a corporate network.\n\nQ52 \u2014 What is an OU?\n\nOrganizational Unit = folder in AD for sorting objects (users, computers) by unit or department.\n\nQ53 \u2014 What is a GPO?\n\nGroup Policy Object = policy that is applied automatically to users or computers \u2014 for example: enforce a wallpaper, block USB, force a password change.\n\nQ54 \u2014 Difference between local, global and universal groups?\n\nLocal = rights on the local machine. Global = groups together users of the domain. Universal = used across multiple AD forests.\n\nQ55 \u2014 What is Kerberos?\n\nAuthentication protocol used by Active Directory. It works with tickets \u2014 when you log in, you receive a ticket that proves your identity without retransmitting your password.\n\nQ56 \u2014 What are the FSMO roles?\n\n5 special roles in AD: Schema Master, Domain Naming Master, PDC Emulator, RID Master, Infrastructure Master. 
The PDC Emulator notably handles password synchronization.\n\nQ57 \u2014 Why disable an account rather than delete it?\n\nTo keep traceability \u2014 the history, rights and associated data are preserved. The account can be re-enabled if needed.\n\nQ58 \u2014 What is AD-integrated DNS?\n\nAD uses DNS to locate domain controllers. Without DNS, AD does not work properly.\n\nQ59 \u2014 How do you create a user in AD?\n\nActive Directory Users and Computers \u2192 right-click on the OU \u2192 New \u2192 User \u2192 fill in name, login, password.\n\nQ60 \u2014 What is a domain controller?\n\nServer that hosts Active Directory and handles authentication for all users of the domain.\n\nQ61 \u2014 What is WDS?\n\nWindows Deployment Services = automatically deploys Windows to workstations over the network, without a DVD or USB stick.\n\nQ62 \u2014 What is Sysprep?\n\nWindows tool that prepares a system image for deployment on several machines \u2014 it removes the unique identifiers so that each workstation gets its own.\n\nQ63 \u2014 What is RDP?\n\nRemote Desktop Protocol = Windows remote desktop protocol. Port 3389.\n\nQ64 \u2014 Difference between authentication and authorization?\n\nAuthentication = verifying who you are (login/password). Authorization = verifying what you are allowed to do.\n\nQ65 \u2014 What is a forest in AD?\n\nSet of several AD domains that share the same schema and a trust relationship between them.\n\n\n\ud83d\udcbe BACKUPS (15 questions)\nQ66 \u2014 Difference between full, incremental and differential backups?\n\nFull = back up everything. 
Incremental = back up only what has changed since the last backup (full or incremental). Differential = back up everything that has changed since the last full backup only.\n\nQ67 \u2014 What is the RPO?\n\nRecovery Point Objective = maximum acceptable data loss. E.g.: RPO = 1h = at most 1h of data can be lost.\n\nQ68 \u2014 What is the RTO?\n\nRecovery Time Objective = maximum time to restore the service after a failure. E.g.: RTO = 4h = the service must be restored in less than 4h.\n\nQ69 \u2014 What is the 3-2-1 rule?\n\n3 copies of the data, on 2 different media, 1 of which is off site (cloud or another building).\n\nQ70 \u2014 Why test restores?\n\nAn untested backup is not reliable. The test confirms that the data is recoverable and intact.\n\nQ71 \u2014 What is mysqldump?\n\nLinux command for backing up a MySQL/MariaDB database to an SQL file. mysqldump -u root -p glpi > backup.sql\n\nQ72 \u2014 Why check that the NFS share is mounted before backing up?\n\nTo avoid writing locally while believing you are backing up to the NAS \u2014 if the NAS is not mounted and the script is not stopped, the backups pile up locally and fill the disk.\n\nQ73 \u2014 What is backup rotation?\n\nAutomatically deleting old backups to free up space. 
In your script: find -mtime +7 -delete deletes archives older than 7 days.\n\nQ74 \u2014 Why log backups?\n\nTo have a record of every run, success or failure, and to be able to diagnose a problem.\n\nQ75 \u2014 What is a PRA?\n\nPlan de Reprise d'Activit\u00e9 (disaster recovery plan) = procedure for restarting IT services after a major disaster.\n\nQ76 \u2014 What is a PCA?\n\nPlan de Continuit\u00e9 d'Activit\u00e9 (business continuity plan) = procedure so that activity never stops, even in the event of a disaster.\n\nQ77 \u2014 Difference between PRA and PCA?\n\nPCA = never stop. PRA = restart after a stop.\n\nQ78 \u2014 What is backup encryption?\n\nEncoding the backed-up data so that it is unreadable without the key; it protects the data if the medium is stolen.\n\nQ79 \u2014 What is tar and which options should you use?\n\ntar -czvf = create a compressed archive. c = create, z = gzip compression, v = verbose, f = file name.\n\nQ80 \u2014 How do you check that a backup went well?\n\nCheck the backup.log file, check the size of the file created, test a restore on a test VM.\n\n\n\u2699\ufe0f SCRIPTS (10 questions)\nQ81 \u2014 Why automate with scripts?\n\nTo save time, avoid human error, and make repetitive tasks run consistently.\n\nQ82 \u2014 Difference between Bash and PowerShell?\n\nBash = Linux/Unix shell. PowerShell = Windows shell, object-oriented, more powerful for administering Windows and Active Directory.\n\nQ83 \u2014 What is a variable in Bash?\n\nMAVARIABLE=\"valeur\" to declare it. 
$MAVARIABLE to use it.\n\nQ84 \u2014 What is a for loop in Bash?\n\nfor i in 1 2 3; do\n    echo \"Num\u00e9ro $i\"\ndone\n\nQ85 \u2014 How do you handle errors in a Bash script?\n\nif ! commande; then echo \"Erreur\"; exit 1; fi: test the result of a command and stop if it fails.\n\nQ86 \u2014 What is the shebang?\n\n#!/bin/bash on the first line of the script; it indicates which interpreter to use.\n\nQ87 \u2014 How do you make a script executable?\n\nchmod +x monscript.sh, then ./monscript.sh to run it.\n\nQ88 \u2014 What is cron?\n\nThe Linux task scheduler. crontab -e to edit. Format: * * * * * command (minute hour day month day_of_week).\n\nQ89 \u2014 What are exit 0 and exit 1?\n\nexit 0 = script finished successfully. exit 1 = script finished with an error.\n\nQ90 \u2014 How do you pass parameters to a Bash script?\n\n$1 = first parameter, $2 = second. Example: ./script.sh param1 param2\n\n\n\ud83d\udd12 SECURITY (10 questions)\nQ91 \u2014 What is the principle of least privilege?\n\nGranting a user or a system only the rights strictly necessary for its function, and no more.\n\nQ92 \u2014 What is a SIEM?\n\nSecurity Information and Event Management = tool that collects and analyzes logs from the whole infrastructure to detect threats in real time.\n\nQ93 \u2014 What is a SOC?\n\nSecurity Operations Center = team and center dedicated to monitoring, detecting and responding to security incidents.\n\nQ94 \u2014 What is MFA?\n\nMulti-Factor Authentication = authentication with several factors: password + SMS code or app. 
More secure than a password alone.\n\nQ95 \u2014 What is a PSSI?\n\nPolitique de S\u00e9curit\u00e9 des Syst\u00e8mes d'Information (information systems security policy) = document that defines an organization's security rules.\n\nQ96 \u2014 What is a CVE?\n\nCommon Vulnerabilities and Exposures = unique identifier for a known security flaw. E.g. CVE-2021-3156 = sudo flaw.\n\nQ97 \u2014 Difference between IDS and IPS?\n\nIDS = detects intrusions and alerts. IPS = detects AND blocks automatically.\n\nQ98 \u2014 What is TLS encryption?\n\nTransport Layer Security = encrypts network communications. Used by HTTPS to secure web exchanges.\n\nQ99 \u2014 What is the attack surface?\n\nThe set of potential entry points for an attacker. Reducing the attack surface = closing unnecessary ports, disabling unused services.\n\nQ100 \u2014 What is network segmentation?\n\nDividing the network into separate zones (VLANs, DMZ) to limit the spread of an attack: if one segment is compromised, the others remain protected.\n\n", "creation_timestamp": "2026-06-01T06:23:40.000000Z"}]}