
Sudo Vulnerability - Buffer Overflow Issue in Sudo's Baron Samedit, Identified as CVE-2021-3156 (Heap-Based)

Unprivileged users can exploit the CVE-2021-3156 vulnerability in the Sudo system, due to Baron Samedit, to escalate their privileges. Learn the intricacies of this issue and the suggested measures for risk reduction.


Sudo, a utility included in most Unix- and Linux-based operating systems, has a heap-based buffer overflow vulnerability discovered by the Qualys Research Team and disclosed in January 2021. The flaw, tracked as CVE-2021-3156, affects many Sudo versions and lets any local unprivileged user escalate to root.

The vulnerability affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration. Note that operating system vendors usually backport the fix without changing the upstream version string, so a patched package can still report a version in the affected range (for example, "sudo --version" still printing 1.8.31). A bare version check therefore cannot distinguish patched from unpatched systems; check the distribution's package release number or run the test below.

To test whether a system is vulnerable, log in as a non-root user and run the command "sudoedit -s /". If the system is vulnerable, it responds with an error that starts with "sudoedit:"; if it is patched, it responds with a usage message that starts with "usage:".

Qualys is releasing QIDs for this vulnerability as they become available. The generic QID (374891) for CVE-2021-3156 has already been released, and QIDs based on package versions will follow. These QIDs are listed in the Qualys vulnerability KnowledgeBase, and Qualys customers can search for CVE-2021-3156 to identify all the QIDs and the assets affected by this vulnerability.

The vulnerable code is in the function set_cmnd() and is triggered when Sudo is executed in "shell" mode, i.e. with the -s or -i option. In shell mode the Sudo front end escapes shell metacharacters in the command-line arguments with backslashes, and set_cmnd() later removes those backslashes while concatenating the arguments into the heap-allocated buffer "user_args". When the binary is invoked as sudoedit, however, the front end does not perform the escaping, yet set_cmnd() still unescapes. An argument that ends with a single backslash therefore makes the unescape loop step past the argument's terminating null byte and keep copying whatever follows it in memory, overflowing "user_args".
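The following is an added example, not code from Sudo or from Qualys. It reproduces the shape of the set_cmnd() allocation and unescape loop in a memory-safe simulation: the arguments are laid out back to back in one constructed buffer (as the kernel places argv strings on the stack), writes are clamped so the simulation itself never overflows, and the function returns how many bytes the loop wanted to write beyond the allocation. The `fixed` flag adds the extra `from[1] != '\0'` test, which is how the upstream fix stops the loop at a trailing backslash; the helper names and the sample argument strings are assumptions made here.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes set_cmnd() allocates for user_args: strlen()+1 per argument. */
size_t user_args_alloc(char *const argv[])
{
    size_t size = 0;
    for (char *const *av = argv; *av != NULL; av++)
        size += strlen(*av) + 1;
    return size;
}

/*
 * The unescape loop from set_cmnd(), simulated.  `fixed` selects the
 * upstream check that a backslash is not the last byte of an argument.
 * Writes to dst are clamped to `cap` bytes so this program stays memory
 * safe; the return value is the number of bytes the loop tried to write,
 * which is the figure to compare against user_args_alloc().
 */
size_t unescape_args(char *const argv[], char *dst, size_t cap, int fixed)
{
    size_t written = 0;
    const char *from;

    for (char *const *av = argv; (from = *av) != NULL; av++) {
        while (*from != '\0') {
            if (from[0] == '\\' && (!fixed || from[1] != '\0') &&
                !isspace((unsigned char)from[1]))
                from++;            /* unfixed: may land on the NUL ...     */
            if (written < cap)
                dst[written] = *from;
            written++;
            from++;                /* ... and step past it into the next string */
        }
        if (written < cap)
            dst[written] = ' ';
        written++;
    }
    /* "*--to = '\0'": the final separator becomes the terminator. */
    if (written > 0 && written - 1 < cap)
        dst[written - 1] = '\0';
    return written;
}

/*
 * Constructed argv: a lone backslash followed by a second argument, stored
 * contiguously.  Returns bytes the loop would write past the allocation
 * (0 when it stays in bounds).
 */
size_t demo_overflow(int fixed)
{
    char arena[] = "\\\0AAAA\0";                 /* "\", NUL, "AAAA", NUL */
    char *argv[] = { arena, arena + 2, NULL };
    char dst[64];
    size_t alloc = user_args_alloc(argv);       /* (1+1) + (4+1) = 7 */
    size_t need = unescape_args(argv, dst, sizeof dst, fixed);
    return need > alloc ? need - alloc : 0;
}

int main(void)
{
    printf("unfixed loop: %zu byte(s) written past user_args\n", demo_overflow(0));
    printf("fixed loop:   %zu byte(s) written past user_args\n", demo_overflow(1));
    return 0;
}
```

With the unfixed loop the trailing backslash causes the copy to swallow the terminating NUL of the first argument and continue through the neighbouring "AAAA", so 11 bytes are written into a 7-byte allocation; with the check in place the backslash is copied literally and the loop stops at the NUL. In the real process the bytes past the terminator are the rest of argv and the environment, which the attacker controls, giving a length- and content-controlled heap overflow.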

Qualys security researchers have independently verified the vulnerability and developed multiple exploit variants that obtain full root privileges. Qualys has decided not to publish exploit code for this vulnerability, to minimise potential harm.

Qualys recommends that users apply patches for this vulnerability immediately. Coverage differed between Linux distributions at first, because some vendors published security advisories and fixed packages earlier than others.

The "Baron Samedit | Heap-based buffer overflow Sudo" dashboard is available for tracking the vulnerability's trend across the environment, using the trending option for dashboard widgets. It can be viewed and downloaded for real-time tracking of CVE-2021-3156.

The vulnerability was reported to Todd Miller, Sudo's maintainer, on January 13, 2021, and the coordinated release took place on January 26, 2021, at 6:00 PM UTC.

Beyond the Linux distributions, macOS, AIX and Solaris also ship Sudo and are potentially affected, as is any other operating system running a vulnerable Sudo version. System administrators should stay vigilant and apply patches promptly to mitigate the risk posed by CVE-2021-3156.
