Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-3156

When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being run in shell mode. (CVE-2021-3156)

Source

ALAS-2021-1478

Amazon Linux AMI Security Advisory: ALAS-2021-1478
Advisory Release Date: 2021-01-26 00:11 Pacific
Advisory Updated Date: 2021-01-26 19:04 Pacific

Severity: Important

References: CVE-2021-3156

Issue Overview:

When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being run in shell mode. (CVE-2021-3156)

Affected Packages:

sudo

Issue Correction:
Run yum update sudo to update your system.

New Packages:

i686:
    sudo-debuginfo-1.8.23-9.56.amzn1.i686
    sudo-devel-1.8.23-9.56.amzn1.i686
    sudo-1.8.23-9.56.amzn1.i686

src:
    sudo-1.8.23-9.56.amzn1.src

x86_64:
    sudo-1.8.23-9.56.amzn1.x86_64
    sudo-devel-1.8.23-9.56.amzn1.x86_64
    sudo-debuginfo-1.8.23-9.56.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2021-1478

ALAS-2021-1478

Vulmon Search

About

Products

Connect