miglen · January 27, 2021 15:10
diff --git a/check-CVE-2021-3156.sh b/check-CVE-2021-3156.sh
 #!/bin/bash
 # Test and patch CVE-2021-3156

 patch() {
  # Simple method to patch with yum | apt
  if command -v apt-get >/dev/null; then
    sudo apt-get update
    sudo apt-get install $1
  elif command -v yum >/dev/null; then
    sudo yum updateinfo $1
    sudo yum update $1
  else
    echo "ERROR: Can't help you out patching $1"
  fi
  # Check again
  check
 }

 check() {
  # Run sample overflow from https://bit.ly/3iPXxpO
  sudoedit -s '\' `perl -e 'print "A" x 65536'` &>/dev/null
  status=$?
  
  if [[ ${status} -eq 134 ]]
  then
    echo "ERROR: sudo is not yet patched for CVE-2021-3156. Version: "
    sudo --version
    # Patch? 
      while true; do
          read -p "Do you want to patch? (yes/no)" yn
          case $yn in
              [Yy]* ) patch sudo;;
              [Nn]* ) exit;;
              * ) echo "ERROR: Please answer yes or no.";;
          esac
      done
  else
    echo "OK: You are patched."
    sudo --version
  fi
 }

 check
	#!/bin/bash
	# Test and patch CVE-2021-3156

	patch() {
	# Simple method to patch with yum \| apt
	if command -v apt-get >/dev/null; then
	sudo apt-get update
	sudo apt-get install $1
	elif command -v yum >/dev/null; then
	sudo yum updateinfo $1
	sudo yum update $1
	else
	echo "ERROR: Can't help you out patching $1"
	fi
	# Check again
	check
	}

	check() {
	# Run sample overflow from https://bit.ly/3iPXxpO
	sudoedit -s '\' `perl -e 'print "A" x 65536'` &>/dev/null
	status=$?

	if [[ ${status} -eq 134 ]]
	then
	echo "ERROR: sudo is not yet patched for CVE-2021-3156. Version: "
	sudo --version
	# Patch?
	while true; do
	read -p "Do you want to patch? (yes/no)" yn
	case $yn in
	[Yy]* ) patch sudo;;
	[Nn]* ) exit;;
	* ) echo "ERROR: Please answer yes or no.";;
	esac
	done
	else
	echo "OK: You are patched."
	sudo --version
	fi
	}

	check