CVE-2021-3156 - SUDO grants root access to attackers! Here is the fix - package update details for various Operating systems

CVE-2021-3156 - SUDO grants root access to attackers! Here is the fix - package update details for various Operating systems

Description

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

What Does this mean?

A heap overflow vulnerability affecting all major Unix-like operating systems. This flaw is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password). Successful exploitation of this flaw could lead to privilege escalation.

Update sudo on Ubuntu

image.png

$ apt-get update
$ apt-get --only-upgrade install sudo

Update sudo on Debian

image.png

$ apt-get update
$ apt-get --only-upgrade install sudo

Update sudo on RHEL

image.png

$ yum update sudo

References:

Thanks!

Stay tuned for more!

Did you find this article valuable?

Support Learn Code Online by becoming a sponsor. Any amount is appreciated!