A heap-based overflow has been discovered in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.
From the Sudo Main Page:
Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
It is possible for a local Non-administrative user to exploit this vulnerability to elevate their privileges so that they can execute commands with administrator privileges. The team at Qualys assigned this vulnerability CVE-2021-3156 and found multiple *nix operating systems were vulnerable, including Fedora, Debian, and Ubuntu. A blog update from February 3, 2021, reports that macOS, AIX, and Solaris may be vulnerable, but Qualys had not yet confirmed this. There is additional reporting that other operating systems are affected, including Apple’s Big Sur.
If an attacker has local access to an affected machine then it is possible for them to execute commands with administrator privileges.
Apply an Update
Update sudo to the latest version to address this vulnerability when operationally feasible. This issue is resolved in sudo version 1.9.5p2. Please install this version, or a version from your distribution that has the fix applied to it
This vulnerability was researched and reported by the Qualys Research Team.
This document was written by Timur Snoke.
|Date First Published:||2021-02-04|
|Date Last Updated:||2021-02-05 16:01 UTC|