-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                   AUSCERT Security Bulletin ASB-2021.0036
      CVE-2021-3156 Heap based buffer overflow vulnerability in sudo
                              27 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           sudo
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3156

Reference:         https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

OVERVIEW

        The Qualys Research Team has discovered a vulnerability
        (CVE-2021-3156) [1] in the common Unix utility sudo [2]. This
        vulnerability allows a local user to gain root privileges. More
        details can be found at [1].

IMPACT

        Systems running sudo legacy versions from 1.8.2 to 1.8.31p2 and all
        stable versions from 1.9.0 to 1.9.5p1 in their default configuration
        are vulnerable to root compromise by local users [1].

MITIGATION

        System administrators should upgrade their versions of sudo as soon
        as possible to vendor supplied patches or take other vendor
        recommended mitigations as appropriate.

        Organisations installing sudo from source code should upgrade to
        version 1.9.5p2 [7].

        Specific vendor information redistributed via AusCERT External
        Security Bulletins (at the time this ASB was published):

        RedHat [3]
        Ubuntu [4]
        Debian [5] [6]

REFERENCES

        [1] CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
            https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

        [2] Sudo Home Page
            https://www.sudo.ws/

        [3] ESB-2021.0281 - RedHat sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0281/

        [4] ESB-2021.0287 - Ubuntu sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0287/

        [5] ESB-2021.0293 - Debian sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0293/

        [6] ESB-2021.0295 - Debian sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0295/

        [7] sudo 1.9.5p2
            https://www.sudo.ws/stable.html#1.9.5p2

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures.

AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
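The IMPACT and MITIGATION sections above give the affected version ranges and the fixed upstream release. The following POSIX shell check, added here as an example and not part of the AusCERT bulletin or the sudo project, turns those ranges into a repeatable inventory test: it parses an upstream version string such as `1.8.31p2`, reports whether it falls inside either affected range, and can read the version of the sudo binary in PATH. Assumptions: the integer weighting used to compare versions, and that the first line of `sudo --version` reads `Sudo version X`. A version inside the range is a prompt to consult the vendor bulletins [3] to [6], because distribution packages often backport the fix without changing the upstream version string.

```shell
#!/bin/sh
# Added example (not part of the AusCERT bulletin): classify a sudo version
# string against the affected ranges stated in ASB-2021.0036.
#   legacy: 1.8.2 .. 1.8.31p2   stable: 1.9.0 .. 1.9.5p1   fixed upstream: 1.9.5p2
# Assumption: distribution packages frequently backport the fix without
# changing the upstream version string, so "inside the affected range" means
# "confirm against the vendor advisory", not a definitive verdict.

# Encode "MAJOR.MINOR[.PATCH][pLEVEL]" as one integer so the ranges can be
# compared with plain test(1). The weights are an assumption that fits sudo's
# numbering (patch and p-level both stay below 100). Returns 1 on a string
# that does not look like a version.
sudo_version_key() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo "unrecognised sudo version: '$ver'" >&2; return 1 ;;
    esac
    base=${ver%%p*}                  # strip the "pN" suffix, if any
    plevel=0
    case $ver in *p[0-9]*) plevel=${ver##*p} ;; esac
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    major=$1; minor=$2; patch=${3:-0}
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + plevel ))
}

# Returns 0 when the version falls inside one of the affected ranges, 1 when
# it does not, and 2 when the string could not be parsed.
sudo_version_vulnerable() {
    key=$(sudo_version_key "$1") || return 2
    # Legacy branch: 1.8.2 <= version <= 1.8.31p2
    if [ "$key" -ge "$(sudo_version_key 1.8.2)" ] && [ "$key" -le "$(sudo_version_key 1.8.31p2)" ]; then
        return 0
    fi
    # Stable branch: 1.9.0 <= version <= 1.9.5p1
    if [ "$key" -ge "$(sudo_version_key 1.9.0)" ] && [ "$key" -le "$(sudo_version_key 1.9.5p1)" ]; then
        return 0
    fi
    return 1
}

# Pull the upstream version out of the first line of `sudo --version`
# (assumed to read "Sudo version 1.9.5p2"); prints nothing if sudo is absent.
sudo_installed_version() {
    sudo --version 2>/dev/null | awk 'NR == 1 && $1 == "Sudo" && $2 == "version" { print $3; exit }'
}

# Report on the sudo binary found in PATH, if there is one.
check_installed_sudo() {
    installed=$(sudo_installed_version)
    if [ -z "$installed" ]; then
        echo "sudo not found in PATH (or version line not recognised)"
        return 0
    fi
    if sudo_version_vulnerable "$installed"; then
        echo "sudo $installed: inside the CVE-2021-3156 affected range; check the vendor advisory for a backported fix"
    else
        echo "sudo $installed: outside the affected range"
    fi
}

check_installed_sudo
```

Run it on each host as part of a patch sweep, or feed `sudo_version_vulnerable` the version strings collected by your inventory tooling; a result of 2 flags a version string the parser did not understand rather than a safe host.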
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIUAwUBYBED7ONLKJtyKPYoAQjvNw/1Gu6M5po6jDxDHBNThRVflqT0OgI4GFVZ
nDKua9/IOhH3b6CZjBryFoIXJF7PbqX+zxMi8qYdq+wfhdTbAsRD8qc6ZjOWuxVH
sNYp7KOE5Bc14vBJ/wel+aAG6OtEQ1cC4GvuOOAuPqG1djh4xNa/9F4cZKr3BbwM
jDZmHwYpOtYXg7/bm/fb5RqZmDm8InxEYALsWcAm6IL601UHq0FRj2N8WqccGEZO
06t1OMLVwZBw5fDNBrLo96BZnDuzN6AN3BFPz2jTzUlSgv/Pk+zgE/CAKhBdsSU4
u+JODJpkXwrdu3TE2dTmjBT+Fqb5YliEuXzHi8D9ccTUCLblX5AXmncq5FTA6nwI
shSrH89SuVsNWP/NJBQibmhHcvccOvgJDvUZliWZwZkTUL6ij3ZzgilafEiA1XYq
uly+IW1XrZW8gK2p5jk04A4pyeC/dJ2sgC1jQOJ4Uxjz91zhnhF9JCvv8mJ0moBG
znOEXY3VxFY9d3apc8/mmVjXnRTXEpAnEbJt3iCjj+Sc0ynML7fGc8pf1CYgZ6Ra
bMvXglHw5woU0fKAQJdjtufTe0y9t2UzYMDPcjBmVY+vxjkRYkJefAbZsw3AF2qM
l6hB3XC8zh3XR/xeLM19AIBwBJWc70ZYWiSFcj0+EzcSdkvjSDNsqC3wOhngY0J5
QakLVHBbWA==
=da/H
-----END PGP SIGNATURE-----