-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0036
      CVE-2021-3156 Heap based buffer overflow vulnerability in sudo
                              27 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          sudo
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access:    Root Compromise -- Existing Account
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-3156
Reference:        https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

OVERVIEW

        The Qualys Research Team has discovered a vulnerability (CVE-2021-3156) 
        [1] in the common Unix utility sudo [2]. This vulnerability allows a 
        local user to gain root privileges. More details can be found at [1].


IMPACT

        Systems running sudo legacy versions from 1.8.2 to 1.8.31p2 and 
        all stable versions from 1.9.0 to 1.9.5p1 in their default configuration
        are vulnerable to root compromise by local users [1].


MITIGATION

        System administrators should upgrade their versions of sudo as soon
        as possible to vendor supplied patches or take other vendor recommended
        mitigations as appropriate.  Organisations installing sudo from source
        code should upgrade to version 1.9.5p2 [7].
        
        Specific vendor information redistributed via AusCERT External Security
        Bulletins (at the time this ASB was published):
        
        RedHat [3]
        Ubuntu [4]
        Debian [5] [6]
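The following is an added example, not part of the AusCERT bulletin or the
sudo project, that turns the version ranges stated in IMPACT into a triage
check an administrator can run on a fleet: it parses the "Sudo version X.Y.ZpN"
banner printed by `sudo --version`, compares it (major, minor, patch, p-level)
against the inclusive ranges 1.8.2 .. 1.8.31p2 and 1.9.0 .. 1.9.5p1, and
reports whether the version string falls inside them. The sample banners are
constructed for illustration. Vendor packages normally backport the fix
without changing the upstream version number, so for distribution-supplied
sudo this check is only a first pass: the vendor advisories [3]-[6] and the
package changelog are authoritative.

```python
import re
import subprocess

# Vulnerable ranges exactly as stated in the IMPACT section of this bulletin.
# Each bound is (major, minor, patch, plevel); plevel 0 means no "pN" suffix.
# Tuple comparison in Python is lexicographic, so 1.8.31 < 1.8.31p2 < 1.9.0
# falls out naturally.
VULNERABLE_RANGES = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),   # legacy branch 1.8.2 .. 1.8.31p2
    ((1, 9, 0, 0), (1, 9, 5, 1)),    # stable branch 1.9.0 .. 1.9.5p1
]

# Matches "1.9.5p2", "1.8.31p2", "1.8.2"; search() lets it find the number
# inside the "Sudo version 1.9.5p2" banner line.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample banners (not real system output) used in the self-test.
SAMPLE_BANNERS = [
    "Sudo version 1.8.27",
    "Sudo version 1.8.31p2",
    "Sudo version 1.9.5p1",
    "Sudo version 1.9.5p2",
    "Sudo version 1.8.1p2",
]


def parse_sudo_version(text):
    """Return (major, minor, patch, plevel) from a version string or banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no sudo version found in: %r" % text)
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_vulnerable_version(version):
    """True if the parsed version lies inside one of the CVE-2021-3156 ranges."""
    return any(lo <= version <= hi for lo, hi in VULNERABLE_RANGES)


def format_version(version):
    major, minor, patch, plevel = version
    suffix = "p%d" % plevel if plevel else ""
    return "%d.%d.%d%s" % (major, minor, patch, suffix)


def assess(text):
    """Return (normalised version string, vulnerable?) for a banner or version."""
    version = parse_sudo_version(text)
    return format_version(version), is_vulnerable_version(version)


def installed_sudo_banner():
    """First line of `sudo --version` on this host, or "" if sudo is absent."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return ""
    return out.splitlines()[0] if out else ""


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        ver, vuln = assess(banner)
        print("%-12s %s" % (ver, "IN VULNERABLE RANGE" if vuln else "outside range"))
    local = installed_sudo_banner()
    if local:
        ver, vuln = assess(local)
        print("this host: sudo %s -> %s" % (
            ver, "upgrade or confirm vendor backport" if vuln else "outside range"))
```

Run it with no arguments to see the constructed samples classified and, if
sudo is installed, the local banner checked. A result of "outside range" for
a source build means the version is at or past 1.9.5p2 (or predates 1.8.2);
for a vendor package, a result of "in vulnerable range" should be resolved
against the vendor bulletin rather than taken as proof of exposure.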


REFERENCES

        [1] CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
            https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

        [2] Sudo Home Page
            https://www.sudo.ws/

        [3] ESB-2021.0281 - RedHat sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0281/

        [4] ESB-2021.0287 - Ubuntu sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0287/

        [5] ESB-2021.0293 - Debian sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0293/

        [6] ESB-2021.0295 - Debian sudo security update
            https://www.auscert.org.au/bulletins/ESB-2021.0295/

        [7] sudo 1.9.5p2
            https://www.sudo.ws/stable.html#1.9.5p2

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----