On January 26, 2021, a heap-based buffer overflow vulnerability (CVE-2021-3156) in sudo was disclosed. Unprivileged users can gain root privileges on a vulnerable host that uses a default sudo configuration by exploiting this vulnerability.
Detected vulnerability
- Vulnerability number: CVE-2021-3156
- Vulnerability severity: high
- Affected versions:
  - All legacy versions from 1.8.2 to 1.8.31p2
  - All stable versions from 1.9.0 to 1.9.5p1
- Affected ECS images:
  - Alibaba Cloud Linux 2
  - CentOS 6/7/8
  - Red Hat Enterprise Linux 6/7/8
  - Ubuntu 14/16/18/20
  - Debian 8/9/10
  - SUSE Linux Enterprise Server 12/15
  - OpenSUSE 42.3/15
  - FreeBSD 11/12
Details
Sudo is included in most if not all UNIX- and Linux-based operating systems. It allows users to run programs by using the security privileges of another user. Successful exploitation of this vulnerability allows unprivileged users to gain root privileges on the vulnerable host.
Security suggestion
Most systems have already fixed the corresponding sudo vulnerability, and the corresponding update packages have been released. Install the patch for the CVE-2021-3156 vulnerability at your earliest convenience.
Detection method
- Method 1: run the following command and check whether the sudo version number is within the affected version range:
  sudo --version
- Method 2: log on to the system as a non-root account and run the following command:
  sudoedit -s /
  - If an error message that starts with "sudoedit:" is returned, sudo is affected and you must fix the vulnerability.
  - If an error message that starts with "usage:" is returned, the patch is installed and you do not need to fix the vulnerability.
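Both detection methods above, combined into one POSIX sh script, as an added example that is not part of this bulletin. It assumes that `sudo --version` prints the upstream version as "Sudo version X.Y.ZpN" on its first line, and that the sudoedit probe is run as a non-root user. One caveat for the version check: several distributions backport the fix into their existing package without changing the upstream version number, so a version inside the affected range is only a hint; the sudoedit probe is the authoritative answer on such hosts.

```sh
#!/bin/sh
# Added example (not part of the bulletin): implements the two detection
# methods above. Assumes `sudo --version` prints "Sudo version X.Y.ZpN"
# on its first line and that sudoedit_probe runs as a non-root user.

# Turn a version string such as "1.8.31p2" into four integers
# ("1 8 31 2"); a missing micro number or patch level counts as 0.
sudo_version_key() {
    vk_ver=$1
    vk_base=${vk_ver%%p*}
    case $vk_ver in
        *p*) vk_patch=${vk_ver##*p} ;;
        *)   vk_patch=0 ;;
    esac
    vk_major=${vk_base%%.*}
    vk_rest=${vk_base#*.}
    vk_minor=${vk_rest%%.*}
    vk_micro=${vk_rest#*.}
    # "1.9" has no micro component: ${vk_rest#*.} then equals vk_rest
    [ "$vk_micro" = "$vk_rest" ] && vk_micro=0
    printf '%d %d %d %d\n' "$vk_major" "$vk_minor" "$vk_micro" "$vk_patch"
}

# Succeeds (returns 0) when version $1 <= version $2.
version_le() {
    set -- $(sudo_version_key "$1") $(sudo_version_key "$2")
    [ "$1" -lt "$5" ] && return 0
    [ "$1" -gt "$5" ] && return 1
    [ "$2" -lt "$6" ] && return 0
    [ "$2" -gt "$6" ] && return 1
    [ "$3" -lt "$7" ] && return 0
    [ "$3" -gt "$7" ] && return 1
    [ "$4" -le "$8" ]
}

# True when the version falls inside either range the bulletin lists:
# legacy 1.8.2 .. 1.8.31p2, or stable 1.9.0 .. 1.9.5p1.
is_affected_version() {
    if version_le 1.8.2 "$1" && version_le "$1" 1.8.31p2; then
        return 0
    fi
    if version_le 1.9.0 "$1" && version_le "$1" 1.9.5p1; then
        return 0
    fi
    return 1
}

# Method 1: extract the version from the first line of `sudo --version`.
# Prints nothing when sudo is not installed.
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Method 2: run `sudoedit -s /` and classify the error prefix exactly as
# the bulletin describes. stdin is closed so the probe can never block.
sudoedit_probe() {
    sp_out=$(sudoedit -s / 2>&1 </dev/null)
    case $sp_out in
        sudoedit:*) echo affected ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# Exit status 1 when the host looks affected, 0 otherwise.
main() {
    m_ver=$(installed_sudo_version)
    if [ -z "$m_ver" ]; then
        echo "sudo not found on this host; nothing to check"
        return 0
    fi
    m_rc=0
    if is_affected_version "$m_ver"; then
        echo "sudo $m_ver is within the affected version range (update to 1.9.5p2 or later)"
        m_rc=1
    else
        echo "sudo $m_ver is outside the affected version range"
    fi
    if [ "$(id -u)" -eq 0 ]; then
        echo "sudoedit probe skipped: run this script as a non-root user"
    else
        echo "sudoedit probe: $(sudoedit_probe)"
    fi
    return $m_rc
}

main "$@"
```

The version comparison is deliberately range-based rather than a single "less than 1.9.5p2" test, because the bulletin lists two separate affected series (1.8.x and 1.9.x); a 1.8.32 build, for example, is outside both ranges even though it sorts below 1.9.5p2.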
Solution
Update sudo to version 1.9.5p2 or later.
Announcing party
Alibaba Cloud Computing Co., Ltd.