How to fix vulnerabilities in the sudo package on Linux

The research team at Qualys, a provider of cloud security, compliance and related services, discovered an overflow vulnerability in sudo that had been hiding for nearly 10 years. The bug allows any local user to gain root access without authentication (no user password required).

The two vulnerabilities identified are:

  • A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)
  • A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239)

Different exploit variants have obtained full root privileges on Ubuntu 20.04 (sudo 1.8.31), Debian 10 (sudo 1.8.27) and Fedora 33 (sudo 1.9.2).

The overflow bug was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.

RHEL, Amazon Linux and other Linux distributions are also affected and were unpatched.

Solution:

Both vulnerabilities are fixed by updating the sudo package to a patched version.

Ubuntu / Debian (Ubuntu 16.04/18.04/20.04 LTS and 20.10)

# sudo apt update

# sudo apt upgrade

OR

# sudo apt install sudo

# sudo --version

Arch Linux

# sudo pacman -Syu

Red Hat Enterprise Linux 8.x/7.x, CentOS and Fedora Linux

# sudo dnf update

OR

# sudo yum update

Suse and OpenSUSE Linux:

# sudo zypper lp -a | grep -i sudo

# sudo zypper up
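After updating, a quick way to confirm the result across a fleet is to parse the output of sudo --version and compare it against the affected upstream ranges stated above (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1). The script below is an added example written for this page, not code from the original post or from the sudo project. One assumption to keep in mind: distributions usually backport the fix without changing the upstream version string (Ubuntu, for instance, ships 1.8.31 with the fix in the package revision), so a version that falls inside an affected range means "check the distro package changelog or advisory", not "definitely vulnerable". The sample version strings in the script are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage a sudo version against the affected upstream ranges
# named in the advisory summary above. Distro packages often backport the fix
# without bumping the upstream version, so treat "affected" as a prompt to
# check the package changelog, not as proof of vulnerability.

# Convert "MAJOR.MINOR.PATCH[pN]" into one sortable integer.
# sudo's patch-level suffix "pN" defaults to 0 when absent.
sudo_version_key() {
    echo "$1" | awk -F'[.p]' '{
        p = (NF >= 4) ? $4 : 0
        printf "%d\n", $1 * 1000000 + $2 * 10000 + $3 * 100 + p
    }'
}

# Return 0 (true) if the version lies inside either affected range, 1 otherwise.
# Ranges from the text above: 1.8.2 .. 1.8.31p2 and 1.9.0 .. 1.9.5p1.
sudo_affected() {
    v=$(sudo_version_key "$1")
    lo1=$(sudo_version_key 1.8.2); hi1=$(sudo_version_key 1.8.31p2)
    lo2=$(sudo_version_key 1.9.0); hi2=$(sudo_version_key 1.9.5p1)
    if [ "$v" -ge "$lo1" ] && [ "$v" -le "$hi1" ]; then return 0; fi
    if [ "$v" -ge "$lo2" ] && [ "$v" -le "$hi2" ]; then return 0; fi
    return 1
}

# Pull the version out of `sudo --version` output, whose first line reads
# "Sudo version 1.8.31p2" (constructed sample; the real output has more lines).
sudo_version_from_output() {
    echo "$1" | awk '/^Sudo version/ { print $3; exit }'
}

# Check the local host. Exit status: 0 = outside affected ranges,
# 1 = inside an affected range (verify the distro advisory), 2 = could not determine.
sudo_check_host() {
    out=$(sudo --version 2>/dev/null) || { echo "sudo not found"; return 2; }
    ver=$(sudo_version_from_output "$out")
    [ -n "$ver" ] || { echo "could not parse sudo version"; return 2; }
    if sudo_affected "$ver"; then
        echo "sudo $ver is inside an affected upstream range; verify the distro package changelog"
        return 1
    fi
    echo "sudo $ver is outside the affected upstream ranges"
    return 0
}

# Run against the current host when executed directly.
sudo_check_host
```

The integer key keeps the comparison in plain POSIX sh with no dependency beyond awk, which matters on minimal hosts where the first thing you want to know is whether sudo itself needs attention. Run it with sh on each host, or feed saved sudo --version output into sudo_version_from_output when auditing from collected inventory.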

At Velan, our server support engineers can help you resolve server vulnerabilities by hardening the server. We troubleshoot problems like these for our clients every day. If you are interested in our service, please fill in the Quick Connect form to get in touch with us.
