CVE-2021-3156

Published: 26/01/2021 Updated: 23/02/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Sudo prior to 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Most Upvoted Vulmon Research Post

Exploit of Sudo heap-based buffer overflow privilege escalation CVE-2021-3156: https://github.com/r4j0x00/exploits/tree/master/CVE-2021-3156

Vulnerable Products

sudo project sudo

sudo project sudo 1.9.5

fedoraproject fedora 32

fedoraproject fedora 33

debian debian linux 10.0

netapp hci management node -

netapp oncommand unified manager core package -

netapp solidfire -

mcafee web gateway 8.2.17

mcafee web gateway 9.2.8

mcafee web gateway 10.0.4

Vendor Advisories

Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutio ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation. For the stable distribution (buster), this problem has been fixed in version 1.8.27-1+deb ...
Synopsis: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13. Type/Severity: Security Advisory: Important. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
Synopsis: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]. Type/Severity: Security Advisory: Important. Topic: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterpri ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...
A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges. The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacker could exploit this vulnerability by accessing a Uni ...
A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug ...

Mailing Lists

Sudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit ...
A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages ...
Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities ...
Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration ...
Qualys Security Advisory. Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156). Contents: Summary, Analysis, Exploitation, Acknowledgments, Timeline ...
APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002. macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 addresses the following issues. Information ab ...
Roman Fiedler writes: Now sudo patches are already deployed widely, so this is how the NO_ROOT_MAILER flag influenced exploit complexity: * With "NO_ROOT_MAILER" working using "nss_load_library" method, e.g. implemented by blasty: main program github.com/blasty/CVE-2021-3156/blob/main/hax.c (140 lines with 18 lines header) and the librar ...

Github Repositories

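CVE-2021-3156 Overview: Heap-based buffer overflow in Sudo (CVE-2021-3156). A heap overflow vulnerability caused by sudo improperly handling the escape character \; LPE. Affected range: all versions from 1.8.2 to 1.8.31p2; all stable versions from 1.9.0 to 1.9.5p1. Detection command: sudoedit -s '\' `perl -e 'print "A" x 65536'` If output similar to Segmentation fault (core dumped) appears, the host is vulnerable.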

This is a repo for the PoC's I found from different GitHub repositories of the recent sudo CVE 2021-3156 (Baron Samedit)

Baron-Samedit: This is a repo for the PoC's I found from different GitHub repositories of the recent sudo CVE 2021-3156 (Baron Samedit): github.com/blasty/CVE-2021-3156, github.com/r4j0x00/exploits, gist.github.com/stong/2f144f94f6de9c39c516781b041d2b64, github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2021-3156

CVE-2021-3156-Exp: The exploit of CVE-2021-3156. After an overnight researching, finally, I got it! Thanks www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt

ScannerCVE-2021-3156: Script to scan a list of hosts to find out whether they are vulnerable to CVE-2021-3156. If the host is not vulnerable, the output is the following: sudoedit: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper sudoedit: se requiere una contraseña Tested on Ubuntu

Drop-in sudo replacement doing ssh root@localhost passing parameters like empty strings properly

sshudo Synopsis sshudo pbuilder --build --debbuildopts "" /somedebianpackage_123-4dsc PBUILDERROOTCMD=sshudo alias sudo=sshudo sshudo ln -vis sshudo /usr/bin/sudo Description sshudo is an SSH based minimal drop-in replacement for very basic sudo usage with commands which still contain parameters with spaces or empty parameters Options None so far Limitations

Hello, I'm Michael Crump. I work at Microsoft on security, compliance and identity. I also live stream topics regarding ethical hacking on Twitch and have a rad YouTube channel. Join me and we'll learn together. Twitch: twitch.tv/mbcrump YouTube: youtube.com/mbcrump Twitter: twitter.com/mbcrump Discord: discord.gg/qrGrx8m Latest YouTub

CVE-2021-3156 PoC Introduction This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys) Usage build: $ make list targets: $ /sudo-hax-me-a-sandwich run: $ /sudo-hax-me-a-sandwich <target_number> Contributing Send (sensible) PR's, I might merge Some ideas: More targets Target finding Other exploitation strategies

CVE-2021-3156 PoC Introduction This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys) Usage build: $ make list targets: $ /sudo-hax-me-a-sandwich run: $ /sudo-hax-me-a-sandwich <target_number> manual mode: $ /sudo-hax-me-a-sandwich <smash_len_a> <smash_len_b> <null_stomp_len> &a

CVE-2021-3156: Sudo exploit for Debian 10

CVE-2021-3156 CVE-2021-3156: Sudo exploit for Debian 10. Full article: syst3mfailure.github.io/sudo-heap-overflow Currently tested on: Sudo: Version 1.8.27 (1.8.27-1+deb10u2) Checksum (sha256): ca4a94e0a49f59295df5522d896022444cbbafdec4d94326c1a7f333fd030038 Glibc: Version 2.28 Checksum (sha256): dedb887a5c49294ecd850d86728a0744c0e7ea780be8de2d4fc89f6948386

TA-Samedit: Simple Splunk UF detection for Baron Samedit sudo buffer overflow. This takes the detection method from blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit and converts it into a scripted input for any Splunk Universal Forwarder running on a Linux server or endpoint. This detection method is not fo

1day research effort

CVE-2021-3156-Baron-Samedit 1day research effort

Exploit code for Sudo vuln; CVE-2021-3156

CVE-2021-3156 Exploit code for Sudo vuln; CVE-2021-3156

minimalist sudo alternative: multi-user privilege escalation tool in three letters

SUD :: Super User Do. This software aims to be a UNIX tool for generic secure usage when in need of privilege escalation. It is designed to run SUID, with "super-user powers" to execute things as root on the system it is installed. As such, it is designed for security, leveraging all possible measures to avoid vulnerabilities, including the reduction of complexity in i

CVE-2021-3156

Official TryHackMe Bad Admin WriteUp. First, scan machine with nmap: nmap -p- -A <MACHINE_IP>. Go on site in your browser. Scan directories on this site: gobuster dir -u <MACHINE_IP> -w /usr/share/wordlists/dirb/big.txt. Go to secter. Download image, and use steghide: steghide extract -sf find.jpg. Go to imgur. Download barcode, and decode. Login ssh

Root shell PoC for CVE-2021-3156

CVE-2021-3156 Root shell PoC for CVE-2021-3156

Linux privesc fun

Traitor: A Linux privilege escalation framework. Packages up a bunch of methods to exploit local vulnerabilities and misconfigurations in order to gain a root shell. Usage: Run with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation: traitor. Run with the -a flag to find potential vulnerabilities, attempting to exploit each, sto

CVE-2021-3156-SCRIPT git clone github.com/binw2018/CVE-2021-3156-SCRIPT && cd CVE-2021-3156-SCRIPT && sh Script.sh

CVE-2021-3156 Hello everyone, A couple of days back, a serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug

checking CVE-2021-3156 vulnerability & patch script

CVE-2021-3156 checking CVE-2021-3156 vulnerability & patching script. CVE-2021-3156 description: Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. To check for CVE-2021-3156 vulnerability: python3 CVE-2021-3156_checker.py To patc

PoC for CVE-2021-3156 (sudo heap overflow)

CVE-2021-3156 PoC for CVE-2021-3156 (sudo heap overflow). Exploit by @gf_256 aka cts. Thanks to r4j from super guesser for help. Credit to Baron Samedit of Qualys for the original advisory. Demo video. Instructions: wget/curl tune RACE_SLEEP_TIME gcc exploitc cp /etc/passwd fakepasswd modify fakepasswd so your uid is 0 /aout Tested on Ubuntu 18.04 (sudo 1.8.21p2) and 20.04 (

CVE-2021-3156

Reproducing other people's CVEs series

CVE-2021-3156 nss_load_library ver No LSB modules are available Distributor ID: Ubuntu Description: Ubuntu 2004 LTS Release: 2004 Codename: focal GNU C Library (Ubuntu GLIBC 231-0ubuntu9) stable release version 231 Sudo 版本 1831 Sudoers 策略插件版本 1831 Sudoers 文件语法版本 46 Sudoers I/O plugin version 1831 poc sudoedit -s '\' `perl -e

sudo heap overflow to LPE, in Go

CVE-2021-3156 sudo heap overflow to LPE, in Go

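Records trending GitHub repositories, updated hourly and archived by day.

github-hot-hub: Records GitHub trending from 2021-01-12 to the present. Data is fetched once an hour and archived by day. Related projects: Zhihu hot list, Weibo hot list, Toutiao hot list, Douyin hot list, v2ex hot list. Updated: 2021-01-30 19:09:37 +0800. Today's trending repositories: dogecoin / dogecoin very currency language: C++    stars: 2,666    folks: 985    163 stars today

cve-2021-3156; sudo heap overflow vulnerability; vulnerability detection

sudo heap overflow vulnerability (CVE-2021-3156). Vulnerability overview: A research team abroad discovered a sudo heap overflow vulnerability (CVE-2021-3156) that had gone unnoticed for ten years. By exploiting it, an ordinary user can obtain root privileges on a host running sudo in its default configuration. Details of the vulnerability have been published on the Internet. Vulnerability ID: CVE-2021-3156. Overall severity rating: High. Affected range: all versions from 1.8.2 to 1.8.31p2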

CVE-2021-3156

a simple script to patch CVE-2021-3156 (heap based buffer overflow via sudo).

CVE-2021-3156 a simple script to patch CVE-2021-3156 (heap based buffer overflow via sudo)

Patch Script for CVE-2021-3156 Heap Overflow

CVE-2021-3156-Patch Patch Script for CVE-2021-3156 Heap Overflow

How to solve Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156?

How to solve Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156? sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156. Original release date: February 02, 2021. Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0

Simple Ansible LAB: Creating a lab with vagrant and ansible, for hosting a simple web service. 1 Installing Host Softwares: In order to create this simple lab, I will list down the softwares that the host machine should have: Vagrant 226; Virtual Box 6114. To install the hypervisor Virtual Box, follow installation instructions on their website. For Vagrant, you can use an

Ansible production use cases (6): sudo vulnerability fix

1. sudo vulnerability description: A sudo heap overflow vulnerability (CVE-2021-3156) has been detected. By successfully exploiting it, any unprivileged user can gain root privileges on a vulnerable host. sudo needs to be updated to version 1.8.23-10 or later. 2. Environment: hostname, OS version, ip, gcc version, sudo version, notes: ansible-tower Centos 7.6.1810 172167100 / / ansible

CVE-2021-3156 PoC #sudoedit / -s Output beginning with "usage: sudoedit": not affected. Output beginning with "sudoedit:": possibly affected. The following versions are at risk: Sudo 1.8.2 ‐ 1.8.31p2, Sudo 1.9.0 ‐ 1.9.5p1. Introduction This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys) Usage build: $ make list targets: $ /sudo-hax-me-a-sandwich run

README

Ren Fei. Hi there, I'm RenFei. I'm a Husband, Developer and My personal website: www.renfei.net I’m currently learning everything. I’m looking to collaborate with other content creators. Fun fact: Latest Blog Posts: Reproducing exploitation of the sudo vulnerability (CVE-2021-3156) in Linux, Unix and macOS; Data warehouse concepts (3): data model

The script kiddie turns out to be me?

cve-2021-3156 The script kiddie turns out to be me?

Projects i plan on finishing in future.

future_projects CURRENT GOALS: Computer Science Maths Physics Electronics NEW PROJECTS THAT NEED TO BE SORTED SUDO CVE-2021-3156 exploit finished Remedy: Description: Make a program/script that will exploit the new vulnerability Goal: Learn about the new CVE bit_torrent_sacrent finished Remedy: Description: Video streaming application that uses modified version of

CVE-2021-3156 vulnerability reproduction

CVE-2021-3156 non-interactive command execution

CVE-2021-3156 This is a warehouse modification based on @CptGibbon and supports arbitrary command execution. Related reading: CVE-2021-3156 - Exploit modification. Root shell PoC for CVE-2021-3156 (no bruteforce). For educational purposes etc. Tested on: @CptGibbon Ubuntu 20.04 against sudo 1.8.31, @Rvn0xsy Ubuntu 17.10. All research credit: Qualys Research Team. Check out the details

Slides Speech slides Current slides Exploiting sudo CVE-2021-3156: From heap-based overflow to LPE/EoP (Feb 19 2021)

NixOS vulnerability testing Run all tests nix-build Run specific test nix-build -A cve-2021-3156

exploits: CVE-2021-3156: heap overflow in sudo; CVE-2020-6507: Out of bounds write in V8, Chrome versions <= 83.0.4103.97

Custom version of sudo 1.8.3p1 with CVE-2021-3156 patches applied

sudo-1.8.3p1-patched: This is a custom version of sudo, based on the sudo 1.8.3p1 package as provided by Canonical for Ubuntu 12.04 using the URLs below, with the CVE-2021-3156 patches applied: us.archive.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.8.3p1-1ubuntu3.7.dsc us.archive.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.8.3p1.orig.tar.gz usarchiveubuntuco

kernel-exploit-factory: Keep updating Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. You can use Qemu to boot the kernel and test the exploit. # Eg, test CVE-2017-11176, finally

Linux Elevation (continuously updated)

Linux Elvation: This project is for Linux Elvation. Vulnerable list: #CVE  #Description  #Kernels CVE-2021-3156[Sudo 1.8.2 - 1.8.31p2 Sudo 1.9.0 - 1.9.5p1] CVE-2020-9470[Wing FTP Server 625 - Privilege Escalation] CVE-2020-8635[Wing FTP Server 623 - Privilege Escalation] CVE-2020-8835[Linux Kernel 54 or Linux Kernel 54] CVE-2019-7304 [2342ubuntu01 or 23

Recent Articles

Latest macOS Big Sur also has SUDO root privilege escalation flaw
BleepingComputer • Ax Sharma • 03 Feb 2021

A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet.
Last week, BleepingComputer had reported on CVE-2021-3156 aka Baron Samedit, a flaw in SUDO which lets local users gain root privileges.
Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.
This helps ...

Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
Threatpost • Becky Bracken • 27 Jan 2021

A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered — and it had been sitting there for a decade, researchers said.
The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user. Qualys researchers named the vulnerability “Baron Samedit,” tracked as CVE-2021-3156. They said the bug popped i...

New Linux SUDO flaw lets local users gain root privileges
BleepingComputer • Sergiu Gatlan • 26 Jan 2021

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.
Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.
It works on the Principle of Least Privilege where the program gives people just enough permissions to get their work done without compromising the system's overall...

The Register

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system.
Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems. It is designed to give selected, trusted users administrative control when needed.
The bug (CVE-2021-3156) found by Qualys, though, allows any local user to gain root-level access on a vulnerable host in its de...

References

CWE-787
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2021/Feb/42
http://seclists.org/fulldisclosure/2021/Jan/79
http://www.openwall.com/lists/oss-security/2021/01/26/3
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://www.openwall.com/lists/oss-security/2021/02/15/1
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://security.gentoo.org/glsa/202101-33
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
https://support.apple.com/kb/HT212177
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
https://www.debian.org/security/2021/dsa-4839
https://www.kb.cert.org/vuls/id/794544
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/stable.html#1.9.5p2
https://www.synology.com/security/advisory/Synology_SA_21_02
https://access.redhat.com/errata/RHSA-2021:0221
https://github.com/ph4ntonn/CVE-2021-3156
https://github.com/AbdullahRizwan101/Baron-Samedit
https://nvd.nist.gov
https://exchange.xforce.ibmcloud.com/vulnerabilities/195658