Any logged-in unprivileged user can abuse an old bug in sudo to gain root privileges. It was rated as an important security issue for Linux and Unix-like operating systems. The Qualys research team has discovered the heap overflow vulnerability in sudo itself has been hiding in plain sight for nearly 10 years. The bug allows any local users to gain root access without authentication (no user’s password needed). We need to apply patches to our operating systems as soon as possible.
System administrators use the sudo command to grant specific user rights, such as restarting Nginx or restart Apache server for server management purposes. IT automation tools such as Ansible and others use sudo heavily too.
Critical bug in sudo puts Linux and Unix systems at risk
We have two critical sudo vulnerabilities:
- It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)
- It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239)
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
From the blog post:
The problem can be corrected by updating your system to the following package versions.
Ubuntu and Debian Linux
You need to apply patched on Ubuntu version 16.04/18.04/20.04 LTS and 20.10 using the apt command/apt-get command:
For the stable Debian distribution (buster), this problem has been fixed in version 1.8.27-1+deb10u3. Hence run above commands on Debian too.
Open the terminal app and then run the following pacman command:
Red Hat Enterprise Linux 8.x/7.x and CentOS and Fedora Linux
Type dnf command or yum command to fix bug on RHEL 7.x/8.x and Fedora Linux:
Suse and OpenSUSE Linux
I have not tested this, but you need to update FreeBSD port or pkg by running the following pkg command:
We have to wait for Apple to release an update.
All of these are old buffer overflown bugs in sudo that any local user can exploit without a password or authentication. Hence, you must apply fixes to get rid of a critical bug in sudo. I am going to look into the doas utility, which is the default on OpenBSD. Of course, we can install doas from ports on NetBSD or FreeBSD. There is a Linux port too.
Source : cyberciti.biz