Overview
A heap-based overflow has been discovered in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.
Description
From the Sudo Main Page:
Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
It is possible for a local Non-administrative user to exploit this vulnerability to elevate their privileges so that they can execute commands with administrator privileges. The team at Qualys assigned this vulnerability CVE-2021-3156 and found multiple *nix operating systems were vulnerable, including Fedora, Debian, and Ubuntu. A blog update from February 3, 2021, reports that macOS, AIX, and Solaris may be vulnerable, but Qualys had not yet confirmed this.
There is additional reporting that other operating systems are affected, including Apple’s Big Sur.
Impact
If an attacker has local access to an affected machine then it is possible for them to execute commands with administrator privileges.
Solution
Apply an Update
Apply an update if operationally feasible.
Update sudo to the latest version to address this vulnerability when operationally feasible. There have been no reports of issues with updates when the patches have been made available.
Acknowledgements
This vulnerability was researched and reported by the Qualys Research Team.
This document was written by Timur Snoke.
Vendor Information
One or more vendors are listed for this ad ..
Support the originator by clicking the read the rest link below.
