On January 26, 2021, a heap-based buffer overflow vulnerability in sudo, identified as CVE-2021-3156, was publicly disclosed. This vulnerability allows a local attacker, that is, any unprivileged user with shell access, to gain root privileges on a host with a default sudo configuration, even if that user is not listed in the sudoers file.
Vulnerability details
- CVE ID: CVE-2021-3156
- Vulnerability severity: High
- Affected sudo versions:
- Legacy versions from 1.8.2 to 1.8.31p2
- Stable versions from 1.9.0 to 1.9.5p1
- Affected ECS images:
- Alibaba Cloud Linux 2
- CentOS 6/7/8
- Red Hat Enterprise Linux 6/7/8
- Ubuntu 14/16/18/20
- Debian 8/9/10
- SUSE Linux Enterprise Server 12/15
- OpenSUSE 42.3/15
- FreeBSD 11/12
Description
Sudo is a utility included in most UNIX-like operating systems that allows a user to run programs with the security privileges of another user. CVE-2021-3156 is a heap-based buffer overflow in sudo's handling of command-line arguments when sudo is invoked in shell mode (the -s or -i option) or as sudoedit. Because the overflow is reachable before sudo consults the sudoers policy, an attacker who can run sudo at all on a vulnerable host can exploit it to escalate privileges to root.
Security recommendations
Apply the official patch promptly.
Most major operating system vendors have released updates to address this vulnerability.
Detection methods
Use one of the following methods to determine if your system is affected:
- Method 1: Run the sudo --version command to check whether your sudo version is in the affected range. Note that most distribution vendors backport the fix without changing the upstream version number, so a version in the affected range is not by itself proof that the host is vulnerable; check the package changelog or use Method 2 to confirm.
- Method 2: Log on to the system as a non-root user and run the command sudoedit -s / (no sudoers entry is required for this test). Check the output:
- If the output begins with sudoedit:, your system is vulnerable and requires a patch.
- If the output begins with usage:, your system is patched and no action is needed.
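The following POSIX shell script is an added example that automates both detection methods above; it is not tooling from Alibaba Cloud or the sudo project. The version comparison implements the affected ranges listed in this advisory (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1); the sample sudoedit outputs embedded in the script are constructed for the offline demonstration, and the live checks against the local sudo binary only run when the script is invoked with the --live argument.

```shell
#!/bin/sh
# Added example: automates the two CVE-2021-3156 detection methods.
# Not Alibaba Cloud's or the sudo project's own tooling.

# Split a sudo version string such as "1.8.31p2" or "1.9.5" into
# "major minor patch plevel" (plevel is 0 when there is no "pN" suffix).
parse_sudo_version() {
  ver=$1
  base=${ver%%p*}
  case $ver in
    *p*) plevel=${ver##*p} ;;
    *)   plevel=0 ;;
  esac
  major=${base%%.*}
  rest=${base#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  [ "$patch" = "$rest" ] && patch=0
  echo "$major $minor $patch $plevel"
}

# Collapse the four components into one integer so ranges can be
# compared numerically (each component is assumed to be below 100).
version_key() {
  set -- $(parse_sudo_version "$1")
  echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + $4 ))
}

# Method 1: is the upstream version inside an affected range?
# Prints "affected" or "not-affected". Remember that distribution
# packages often backport the fix without bumping this version.
sudo_version_affected() {
  k=$(version_key "$1")
  lo18=$(version_key 1.8.2);  hi18=$(version_key 1.8.31p2)
  lo19=$(version_key 1.9.0);  hi19=$(version_key 1.9.5p1)
  if [ "$k" -ge "$lo18" ] && [ "$k" -le "$hi18" ]; then
    echo affected
  elif [ "$k" -ge "$lo19" ] && [ "$k" -le "$hi19" ]; then
    echo affected
  else
    echo not-affected
  fi
}

# Method 2: classify the first line printed by "sudoedit -s /".
# A vulnerable sudo reaches the file check and complains about "/";
# a patched sudo rejects "-s" with sudoedit and prints its usage text.
classify_sudoedit_output() {
  case $1 in
    sudoedit:*) echo vulnerable ;;
    usage:*)    echo patched ;;
    *)          echo unknown ;;
  esac
}

# Constructed sample outputs (not captured from a real host) used for
# the offline demonstration of Method 2.
SAMPLE_VULNERABLE='sudoedit: /: not a regular file'
SAMPLE_PATCHED='usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...'

demo_offline() {
  echo "1.8.31p2 -> $(sudo_version_affected 1.8.31p2)"   # affected
  echo "1.9.5p2  -> $(sudo_version_affected 1.9.5p2)"    # not-affected
  echo "sample vulnerable output -> $(classify_sudoedit_output "$SAMPLE_VULNERABLE")"
  echo "sample patched output    -> $(classify_sudoedit_output "$SAMPLE_PATCHED")"
}

# Live checks against the local sudo; run as a non-root user.
# Both sudo --version and sudoedit write to stderr in the relevant cases,
# so both streams are captured.
check_host() {
  if ! command -v sudo >/dev/null 2>&1; then
    echo "sudo not installed on this host"
    return 0
  fi
  v=$(sudo --version 2>&1 | awk 'NR == 1 { print $3 }')
  echo "sudo version $v: $(sudo_version_affected "$v") (upstream range; vendor backports may differ)"
  out=$(sudoedit -s / 2>&1 | head -n 1) || true
  echo "sudoedit -s / test: $(classify_sudoedit_output "$out")"
}

case "${1:-}" in
  --live) check_host ;;
  *)      demo_offline ;;
esac
```

Run the script with no arguments to see the offline demonstration, or with --live as an unprivileged user to test the local host. Treat the sudoedit result as authoritative when the two methods disagree: a vendor-patched package can still report an affected upstream version, and a result of "unknown" (for example, when sudoedit is absent or a localized message is printed) means the check needs to be repeated manually.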
Resolution
Update sudo to version 1.9.5p2 or later, or to the patched package published by your operating system vendor (vendor packages may keep an older upstream version number while containing the fix). After updating, repeat the sudoedit -s / check as a non-root user to confirm that the output now begins with usage:.
References
- Alibaba Cloud Linux help documentation on fixing the CVE-2021-3156 vulnerability
- Debian help documentation on fixing the CVE-2021-3156 vulnerability
- Red Hat help documentation on fixing the CVE-2021-3156 vulnerability
- Ubuntu help documentation on fixing the CVE-2021-3156 vulnerability
- SUSE help documentation on fixing the CVE-2021-3156 vulnerability
Announcing party
Alibaba Cloud Computing Co., Ltd.