Sudo Vulnerability CVE-2021-3156

dice · 2021-01-28 07:12:43

if you havent apt updated in a while today would be the day to do it if you use sudo.

https://haxf4rall.com/2021/01/27/cve-20 … ity-alert/

On January 27, 2021, RedHat issued a risk notice for heap-based buffer overflow vulnerability, the vulnerability number is CVE-2021-3156. The vulnerability level is a high risk. CVSS v3 Base Score is 7.0.
Attackers can use heap-based buffer overflow vulnerability to gain root privileges after obtaining server permissions. Currently, Debian has fixed the vulnerability, Centos is still affected.
Vulnerability Detail
A heap-based buffer overflow was found in the way sudo parsed command line parameters. Any local user (normal user and system user, sudoer and non-sudoers) can exploit this vulnerability without authentication, and the attacker does not need to know the user’s password. Successfully exploiting this vulnerability to gain root privileges.
How to exploit this bug
Log in to the system as a non-root user and use the command sudoedit -s /
-If you see an error that starts with sudoedit:, it indicates that there is a vulnerability.
-If you see an error starting with usage:, then the patch has taken effect.
Demo
Affected version
sudo: 1.8.2 – 1.8.31p2
sudo: 1.9.0 – 1.9.5p1
Solution
In this regard, we recommend that users upgrade sudo to the latest version in time.
The post CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability Alert appeared first on InfoTech News.
Post navigation

Last edited by dice (2021-01-28 07:14:54)

Head_on_a_Stick · 2021-01-28 15:59:22

RFP for doas(1) was submitted yesterday:

https://bugs.debian.org/cgi-bin/bugrepo … bug=981176

Looks like it's going to be packaged up for De??an :-)

Last edited by Head_on_a_Stick (2021-01-28 16:19:23)

dice · 2021-01-28 16:09:18

There is also a minimalist alternative to privilege escalation that allows normal users
to run other programs as a different user and group..

https://github.com/parazyd/sup

Ive also started to create scripts to handle everyday tasks from the user account using su.

For instance if i want to edit a file as root i have the below script i call "sue"

#!/bin/sh
su -c "$EDITOR $@"

Marjorie · 2021-01-28 16:23:24

dice wrote:

if you havent apt updated in a while today would be the day to do it if you use sudo.
https://haxf4rall.com/2021/01/27/cve-20 … ity-alert/

My once-a-day unattended-upgrades (security fixes only) picked this up 2:52 GMT yesterday.
Must have been bad - they seems to have pushed it out to the downstream repos (I'm on stable) damn fast.

Head_on_a_Stick · 2021-01-28 16:30:38

dice wrote:

if i want to edit a file as root

Why not just use sudoedit? Oh no, wait...

Marjorie wrote:

they seems to have pushed it out to the downstream repos [...] damn fast

Yeah, the Security Team rocks :-)

https://security-tracker.debian.org/tra … -2021-3156

dice · 2021-01-28 16:48:15

Head_on_a_Stick wrote:

dice wrote:
if i want to edit a file as root
Why not just use sudoedit? Oh no, wait...

Well if one does not want to use sudo, they could edit a file that way using su.

zapper · 2021-01-29 09:11:36

On Hyperbola I use doas, surprised more distros within linux haven't started using it yet.

yeti · 2021-01-29 13:17:19

zapper wrote:

On Hyperbola I use doas, surprised more distros within linux haven't started using it yet.

Did you check it for having "CVE-2019-25016 (Unsafe, incomplete PATH reset)" fixed?

mckaygerhard · 2021-01-29 15:44:45

sudo is a sh*t that makes a linux box acts like a windo one! puff .. is has a larrge history of several security holes, i mean several security interestelar black holes.. in fact

Head_on_a_Stick · 2021-01-29 18:23:38

yeti wrote:

zapper wrote:
On Hyperbola I use doas, surprised more distros within linux haven't started using it yet.
Did you check it for having "CVE-2019-25016 (Unsafe, incomplete PATH reset)" fixed?

Alpine Linux updated to v6.8.1 within an hour of the upstream release :-)

zapper · 2021-01-29 21:42:14

yeti wrote:

zapper wrote:
On Hyperbola I use doas, surprised more distros within linux haven't started using it yet.
Did you check it for having "CVE-2019-25016 (Unsafe, incomplete PATH reset)" fixed?

If I had to guess, I think Hyperbola has fixed that already...

But curiously, when did get discovered?

If it was a year or two ago, for sure.

by for sure, I mean its been solved most likely.

Last edited by zapper (2021-01-29 21:42:37)

Head_on_a_Stick · 2021-01-29 21:49:48

zapper wrote:

when did get discovered?

Yesterday.

EDIT: the fixed version is 6.8.1.

EDIT2: it looks like the doas package in Hyperbola is orphaned and stuck on an old version (6.6.1).

Last edited by Head_on_a_Stick (2021-01-29 22:25:11)

zapper · 2021-01-30 10:05:58

Head_on_a_Stick wrote:

zapper wrote:
when did get discovered?
Yesterday.
EDIT: the fixed version is 6.8.1.
EDIT2: it looks like the doas package in Hyperbola is orphaned and stuck on an old version (6.6.1).

Hmm, they are doing a lot of different packaging things for 0.4 release, so it may be taking a while. I hope 0.4 is ready soon.

The officially official Devuan Forum!

#1 2021-01-28 07:12:43

Sudo Vulnerability CVE-2021-3156

#2 2021-01-28 15:59:22

Re: Sudo Vulnerability CVE-2021-3156

#3 2021-01-28 16:09:18

Re: Sudo Vulnerability CVE-2021-3156

#4 2021-01-28 16:23:24

Re: Sudo Vulnerability CVE-2021-3156

#5 2021-01-28 16:30:38

Re: Sudo Vulnerability CVE-2021-3156

#6 2021-01-28 16:48:15

Re: Sudo Vulnerability CVE-2021-3156

#7 2021-01-29 09:11:36

Re: Sudo Vulnerability CVE-2021-3156

#8 2021-01-29 13:17:19

Re: Sudo Vulnerability CVE-2021-3156

#9 2021-01-29 15:44:45

Re: Sudo Vulnerability CVE-2021-3156

#10 2021-01-29 18:23:38

Re: Sudo Vulnerability CVE-2021-3156

#11 2021-01-29 21:42:14

Re: Sudo Vulnerability CVE-2021-3156

#12 2021-01-29 21:49:48

Re: Sudo Vulnerability CVE-2021-3156

#13 2021-01-30 10:05:58

Re: Sudo Vulnerability CVE-2021-3156

Board footer