Detect Baron Samedit CVE-2021-3156 via OSQuery
This search detects the heap-based buffer overflow of sudoedit.
Detect Baron Samedit CVE-2021-3156 via OSQuery Help
OSQuery must be installed and configured to pick up process events (info at https://osquery.io), and the Splunk OSQuery Add-on (https://splunkbase.splunk.com/app/4402) must be in use. The vulnerability is exposed when a non-privileged user passes a single \ character at the end of the command while using the shell and edit flags.
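The condition described above, written as an added example (not the Splunk search this page ships): a Python filter over osquery result-log lines that flags a non-root sudo or sudoedit invocation in edit and shell mode whose command line ends in a backslash. The log lines are constructed, and the JSON layout with `pid`, `uid` and `cmdline` columns from osquery's `process_events` table is an assumption about how the events are logged.

```python
import json
import os

# Constructed osquery result-log lines for process_events (not real telemetry).
def _ev(pid, uid, cmdline):
    return json.dumps({"name": "process_events", "action": "added",
                       "columns": {"pid": pid, "uid": uid, "cmdline": cmdline}})

SAMPLE_LOG = [
    _ev("4101", "1001", "sudoedit -s \\"),       # edit + shell, trailing backslash
    _ev("4102", "1001", "sudoedit /etc/hosts"),  # ordinary edit
    _ev("4103", "0", "sudoedit -s \\"),          # root, not a non-privileged user
    _ev("4104", "1002", "sudo -es \\"),          # clustered short flags
    _ev("4105", "1003", "vim notes\\"),          # not sudo at all
    "not json",                                  # malformed line, skipped
]

def sudo_flags(argv):
    """Return (edit, shell) as set by sudo's -e/--edit and -s/--shell options."""
    edit = shell = False
    for arg in argv[1:]:
        if arg == "--edit":
            edit = True
        elif arg == "--shell":
            shell = True
        elif arg.startswith("-") and not arg.startswith("--"):
            edit = edit or "e" in arg[1:]
            shell = shell or "s" in arg[1:]
    return edit, shell

def is_suspicious(event):
    """True for a non-root sudo/sudoedit call in edit+shell mode ending in a backslash."""
    cols = event.get("columns", {})
    cmdline = cols.get("cmdline", "").rstrip()
    argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) not in ("sudo", "sudoedit"):
        return False
    edit, shell = sudo_flags(argv)
    edit = edit or os.path.basename(argv[0]) == "sudoedit"  # sudoedit implies -e
    return edit and shell and cols.get("uid") != "0" and cmdline.endswith("\\")

def detect(lines):
    """Return the pids of matching events, skipping lines that are not JSON objects."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and is_suspicious(event):
            hits.append(event["columns"]["pid"])
    return hits
```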