Detect Baron Samedit CVE-2021-3156 Via Osquery

Description

This search detects the heap-based buffer overflow of sudoedit.

Detect Baron Samedit CVE-2021-3156 Via Osquery Help

This search requires OSQuery to be installed and configured to pick up process events (info at https://osquery.io), as well as the Splunk OSQuery Add-on (https://splunkbase.splunk.com/app/4402). The vulnerability is exposed when a non-privileged user passes a single \ character at the end of the command while using the shell and edit flags.
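The condition described above, applied to osquery result-log lines, as an added example (it is not the search shipped with this detection). It assumes the usual osquery result-log JSON layout with `uid` and `cmdline` columns, treats invocation as `sudoedit` as the edit mode and `-s`/`-i` as the shell flags, and generalizes slightly by flagging a backslash at the end of any argument; the sample events are constructed.

```python
import json
import os

# Assumption: sudo's shell-mode options (-s/--shell, -i/--login).
SHELL_FLAGS = {"-s", "--shell", "-i", "--login"}

def is_baron_samedit_attempt(columns):
    """True when a process event matches the pattern described on this page."""
    # osquery records cmdline as argv joined by spaces, so a plain split is
    # used; shlex would treat the backslash as an escape and hide it.
    argv = columns.get("cmdline", "").split()
    if not argv or os.path.basename(argv[0]) != "sudoedit":
        return False                      # edit mode: invoked as sudoedit
    if columns.get("uid") == "0":
        return False                      # only non-privileged callers
    args = argv[1:]
    has_shell_flag = any(a in SHELL_FLAGS for a in args)
    ends_in_backslash = any(a.endswith("\\") for a in args)
    return has_shell_flag and ends_in_backslash

def scan(lines):
    """Return (host, uid, cmdline) for every matching result-log line."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip truncated or non-JSON lines
        columns = event.get("columns", {}) if isinstance(event, dict) else {}
        if is_baron_samedit_attempt(columns):
            hits.append((event.get("hostIdentifier"),
                         columns.get("uid"), columns.get("cmdline")))
    return hits

def _event(host, uid, cmdline):
    # Constructed sample record in osquery's result-log shape.
    return json.dumps({"name": "process_events", "hostIdentifier": host,
                       "action": "added",
                       "columns": {"uid": uid, "cmdline": cmdline}})

SAMPLE_LOG = [
    _event("web01", "1001", "sudoedit -s \\"),                   # pattern from the page
    _event("web01", "1004", "/usr/bin/sudoedit -i notes\\ x"),   # backslash mid-command
    _event("web01", "1001", "sudoedit /etc/hosts"),              # ordinary edit
    _event("db02", "1002", "/usr/bin/sudoedit -s /etc/motd"),    # no trailing backslash
    _event("db02", "0", "sudoedit -s \\"),                       # root caller
    _event("web01", "1003", "sudo -s ls\\"),                     # sudo, not sudoedit
    "{truncated",                                                # malformed line
]
```
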

   Search
