Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system.

Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems. It is designed to give selected, trusted users administrative control when needed.

The bug (CVE-2021-3156) found by Qualys, though, allows any local user to gain root-level access on a vulnerable host in its default configuration. Qualys is disclosing its findings in a coordinated release with operating-system vendors, and has given the errant code the memorable name of the mythical mischief-maker Baron Samedi.

The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. Qualys developed exploits for several Linux ..
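The affected ranges above are the one concrete thing an administrator can check for without waiting on a vendor advisory. The following POSIX shell script is an added example written for this page (it is not from the article, from Qualys, or from the sudo project): it parses the first line of `sudo --version` output, which is assumed to have the form `Sudo version X.Y.Z` or `Sudo version X.Y.ZpN`, and reports whether that version falls inside 1.8.2 through 1.8.31p2 or 1.9.0 through 1.9.5p1. The sample output embedded in the script is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: version-range check for CVE-2021-3156 (sudo heap overflow).
# Assumes `sudo --version` prints a first line like "Sudo version 1.8.31"
# or "Sudo version 1.8.31p2"; the "pN" suffix is sudo's patch-level marker.

# ver_key: map "MAJ.MIN.PATCH[pN]" to a single integer so ranges can be
# compared with plain shell arithmetic. Missing fields count as 0.
ver_key() {
    base="${1%%p*}"                      # strip "pN" suffix, if present
    if [ "$base" = "$1" ]; then p=0; else p="${1##*p}"; fi
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    echo $(( ${1:-0} * 1000000000 + ${2:-0} * 1000000 + ${3:-0} * 1000 + $p ))
}

# sudo_version_affected VERSION: succeed (return 0) when VERSION lies in one
# of the two affected ranges named in the article, fail (return 1) otherwise.
sudo_version_affected() {
    k=$(ver_key "$1")
    if [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; then
        return 0
    fi
    if [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; then
        return 0
    fi
    return 1
}

# parse_sudo_version TEXT: pull the version token out of `sudo --version` text.
parse_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# report TEXT: human-readable verdict; exit status 0 = in range, 1 = out of
# range, 2 = could not parse.
report() {
    v=$(parse_sudo_version "$1")
    if [ -z "$v" ]; then
        echo "could not parse a sudo version from the supplied output"
        return 2
    fi
    if sudo_version_affected "$v"; then
        echo "sudo $v: within the CVE-2021-3156 affected range; check your distribution's fixed package"
        return 0
    fi
    echo "sudo $v: outside the affected range"
    return 1
}

# Constructed sample output (not from a real host) so the script runs offline.
SAMPLE_OUTPUT="Sudo version 1.8.31
Sudoers policy plugin version 1.8.31
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.31"

report "$SAMPLE_OUTPUT"

# Live check on the current host; guarded so the script still exits cleanly
# when sudo is absent.
report "$(sudo --version 2>/dev/null)" || true
```

Treat a hit as a prompt to look at the package, not as proof of exposure: distributions commonly backport the fix without changing the upstream version string, so a host reporting `1.8.31` may already carry the patched package. Confirm against your distribution's package changelog or security advisory for CVE-2021-3156 before acting on the result.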
