28. January 2021

Linux/Unix/BSD/macOS: Critical sudo vulnerability grants root privileges to local attackers [for IT staff]. Buffer overflow with sudo - Please update as soon as possible!

The ten-year-old vulnerability CVE-2021-3156 allows local attackers to gain root privileges via sudo without sudo permissions.

Security firm Qualys has found a vulnerability in “sudo” that allows local users – even without sudo permissions! – to gain root rights with a simple command. The vulnerability, also called “Baron Samedit” by Qualys, has been assigned the ID CVE-2021-3156.

According to Qualys, the security problem has existed since July 2011 and affects older sudo versions from 1.8.2 to 1.8.31p2 as well as current versions from 1.9.0 to 1.9.5p1 – in each case in the default configuration. In practice, this means that all current versions of Linux distributions and BSDs that use sudo should be affected. Several distributions have provided updated packages, which users should install as soon as possible. The vulnerability is fixed in sudo 1.9.5p2.

CVE-2021-3156 is based on flaws in sudo command parsing that can cause a heap-based buffer overflow. The exploit is described as being based on entering the command “sudoedit -s” followed by a special command line argument ending in a single backslash.

Details can be found here:

According to Qualys, to test your system for vulnerability, after logging in without root privileges, you can try running the command “sudoedit -s /” (not a backslash as in the video). If the system is vulnerable, an error is displayed that begins with “sudoedit:”. If it is not vulnerable, an error message is also displayed – but with “usage:” at the beginning.
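The check described above, combined with the version ranges quoted earlier, as a small script. This is an added example, not code from Qualys or the sudo project; the function names and verdict strings are made up here, and the sample input is constructed. The version is used only as a fallback, because a distribution package can carry the fix under an unchanged upstream version number.

```shell
# Added example: function names and verdict strings are assumptions of this sketch.

# Classify the first line printed by `sudoedit -s /` run as a non-root user.
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo not-vulnerable ;;
        *)          echo inconclusive ;;
    esac
}

# Turn "1.8.31p2" into a sortable integer; prints nothing if unparsable.
sudo_version_key() {
    printf '%s\n' "$1" |
    sed -n -E 's/^([0-9]+)\.([0-9]+)\.([0-9]+)(p([0-9]+))?$/\1 \2 \3 \5/p' | {
        read -r maj min pat pl || exit 0
        echo $(( ((maj * 100 + min) * 1000 + pat) * 100 + ${pl:-0} ))
    }
}

# Ranges from the text: 1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1.
version_is_affected() {  # returns 0 = in range, 1 = outside, 2 = unparsable
    key=$(sudo_version_key "$1")
    [ -n "$key" ] || return 2
    { [ "$key" -ge 10800200 ] && [ "$key" -le 10803102 ]; } ||
    { [ "$key" -ge 10900000 ] && [ "$key" -le 10900501 ]; }
}

# The observed behaviour decides; the version is only a fallback, since a
# distribution package can carry the fix under an unchanged upstream version.
assess() {  # $1 = first line of sudoedit output, $2 = sudo version string
    verdict=$(classify_sudoedit_output "$1")
    if [ "$verdict" = inconclusive ]; then
        rc=0; version_is_affected "$2" || rc=$?
        case $rc in
            0) verdict=version-in-affected-range ;;
            1) verdict=version-outside-affected-range ;;
        esac
    fi
    echo "$verdict"
}

# With --live, check this host (run as non-root); otherwise a constructed sample.
first_line='usage: sudoedit ...'; version=1.9.5p2
if [ "${1:-}" = "--live" ]; then
    first_line=$(sudoedit -s / 2>&1 </dev/null | head -n 1)
    version=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
fi
assess "$first_line" "$version"
```

A `version-in-affected-range` verdict means only that the upstream version number falls in the quoted ranges; confirm against the distribution's own advisory before treating the host as unpatched.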

Current information from various distributions and manufacturers can be found here, among other places:
