worawit / CVE-2021-3156

Sudo Baron Samedit Exploit

Cannot find cmnd size Ubuntu 16 / GLIBC 2.23

Dedushkes opened this issue

Hi @worawit

I made a python3 version of exploit_userspec.py via a Python 2 to 3 converter and tried to use it.
I get the error "Cannot find cmnd size".
Does this mean that this configuration is not usable or needs some work?

Traceback (most recent call last):
  File "exploit_userspec3.py", line 737, in <module>
    main()
  File "exploit_userspec3.py", line 653, in main
    cmnd_size = find_cmnd_size()
  File "exploit_userspec3.py", line 174, in find_cmnd_size
    assert found, "Cannot find cmnd size"
AssertionError: Cannot find cmnd size

$ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16

$ uname -r
4.4.0-amd64

$ ldd --version
ldd (Ubuntu GLIBC 2.23-0ubuntu10) 2.23
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

It might be:

  • my exploit does not work with this configuration. I never found this case in my test VMs.
  • the target is patched.

Note: my exploit should work with python2 and python3 without converting.

Oh okay, what about working on old 2.6.x kernels?! I get the same error on any old kernel configuration.

Kernel 2.6.x should not have any effect on exploitation. I can exploit on CentOS 6, sudo version 1.8.6.

Normally, my exploit might fail because of differences in sudo and glibc version/configuration.

Also, most Linux distributions with kernel 2.6.x were released with sudo version 1.7.x or a very old 1.8.x, which my exploit does not support.
Don't forget to check the exploit requirements at the head of the file.