A heap-based buffer overflow vulnerability was identified in the Sudo package. A local attacker could exploit this vulnerability to run commands with root privileges without authentication.
A proof of concept (PoC) of the vulnerability is available on the Internet. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
All Linux/Unix operating systems with the following Sudo versions installed:
Successful exploitation of this vulnerability could lead to elevation of privilege on an affected system.
Sudo has released version 1.9.5p2 to address the vulnerability. Major Linux/Unix distributions have also released patches for it. System administrators should check with their product vendors to confirm whether their Linux systems are affected and whether a patch is available, and if so, apply the patch or follow the vendors' recommendations to mitigate the risk.
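The version check an administrator would run first, as an added example that is not part of this advisory or of the Sudo project: it parses the banner printed by `sudo --version` and compares it with the upstream fix release 1.9.5p2 named above. The function names are my own; the vulnerable upstream ranges are taken from the sudo.ws alert linked below, and the banner does not reveal vendor backports, so an "affected" result still has to be confirmed with the vendor.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify the banner printed by
# `sudo --version` against the upstream fix release 1.9.5p2.
# Vulnerable upstream ranges per the sudo.ws alert:
#   1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.
# Caveat: distributions backport fixes without changing this banner, so
# "affected" here means "confirm with the vendor", not "known exploitable".

# Turn "1.9.5p2" or "1.8.31" into a comparable integer 1MMMmmmpppPPP;
# a missing "pN" suffix counts as p0. The leading 1 avoids leading zeros.
sudo_version_key() {
  ver=$1
  base=${ver%%p*}
  case $ver in *p*) psuf=${ver##*p} ;; *) psuf=0 ;; esac
  oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
  printf '1%03d%03d%03d%03d' "$1" "${2:-0}" "${3:-0}" "$psuf"
}

# True when version $1 lies in the inclusive range [$2, $3].
in_range() {
  k=$(sudo_version_key "$1")
  lo=$(sudo_version_key "$2")
  hi=$(sudo_version_key "$3")
  [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]
}

# Prints affected, not-affected or unknown for a banner line such as
# "Sudo version 1.9.5p1" (the first line of `sudo --version`).
classify_sudo_banner() {
  v=$(printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p')
  [ -n "$v" ] || { echo unknown; return 0; }
  if in_range "$v" 1.8.2 1.8.31p2 || in_range "$v" 1.9.0 1.9.5p1; then
    echo affected
  else
    echo not-affected
  fi
}

# Live check of this host's sudo; prints unknown when sudo is not installed.
check_live_sudo() {
  classify_sudo_banner "$(sudo --version 2>/dev/null | head -n 1)"
}
```

Call `check_live_sudo` on each host; a result of `affected` on a distribution-packaged sudo means the package changelog or vendor advisory must be consulted, since backported fixes keep the old version banner.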
https://www.sudo.ws/alerts/unescape_overflow.html
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156