Detect Baron Samedit CVE-2021-3156 Segfault

Description

This search detects the heap-based buffer overflow in sudoedit (CVE-2021-3156, "Baron Samedit").

Help

This search requires the Splunk Universal Forwarder running on Linux systems (tested on CentOS and Ubuntu) where segfaults are being logged. It also captures instances where the exploit has been compiled into a binary. The detection looks for more than 5 events containing both sudoedit and segfault on a single host over your search time period.
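The same threshold logic can be checked offline against raw syslog before relying on it in Splunk. The following is an added example, not the search shipped with this detection; the log lines, host names, and function names are constructed for illustration, and the lines are assumed to all fall inside one search time period.

```python
import re
from collections import Counter

# Classic syslog prefix: "Mon DD HH:MM:SS host message"
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+(?P<msg>.*)$"
)
THRESHOLD = 5  # alert on MORE than 5 matching events per host


def sudoedit_segfaults_by_host(lines):
    """Count events per host that mention both 'sudoedit' and 'segfault'."""
    counts = Counter()
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # skip lines without a parseable syslog header
        msg = m.group("msg").lower()
        if "sudoedit" in msg and "segfault" in msg:
            counts[m.group("host")] += 1
    return counts


def flagged_hosts(lines, threshold=THRESHOLD):
    """Hosts whose sudoedit segfault count exceeds the threshold."""
    counts = sudoedit_segfaults_by_host(lines)
    return sorted(h for h, n in counts.items() if n > threshold)


def _segv(host, sec, proc, pid):
    # Constructed kernel segfault line; addresses are made up.
    return (
        f"Jan 27 10:00:{sec:02d} {host} kernel: [ 9001.{sec:06d}] "
        f"{proc}[{pid}]: segfault at 0 ip 00007f3c2a1b4d5e "
        "sp 00007ffd5b2a1c40 error 4 in libc-2.27.so[7f3c2a050000+1e7000]"
    )


# Constructed sample data (hypothetical hosts web01, web02, db01).
SAMPLE_LOG = (
    [_segv("web01", i, "sudoedit", 4000 + i) for i in range(6)]   # 6 events: flagged
    + [_segv("web02", i, "sudoedit", 5000 + i) for i in range(5)]  # 5 events: at threshold
    + [_segv("db01", i, "nginx", 6000 + i) for i in range(8)]     # unrelated segfaults
    + ["Jan 27 10:01:00 web02 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; "
       "USER=root ; COMMAND=sudoedit /etc/hosts"]                  # sudoedit, no segfault
)

if __name__ == "__main__":
    print(flagged_hosts(SAMPLE_LOG))
```

A host with exactly 5 matching events is not flagged, since the detection requires more than 5.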

Search