A vulnerability in open-source sudo utility could allow regular users to gain root privileges on vulnerable Linux hosts without authentication.
Sudo is an open-source utility used on Linux and Unix-like operating systems. Sudo allows users to run programs with the security privileges of another user or account.
The sudo heap-based buffer overflow vulnerability CVE-2021-3156 can allow privilege escalation to root via ‘sudoedit -s’ and a command-line argument that ends with a single backslash character.
The Qualys Research Team discovered the heap overflow vulnerability and found it has found it has a wide-ranging impact over many years.
“The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration,” wrote Animesh Jain, Vulnerability Signatures Product Manager, of Qualys in a blog post.
Moreover, Qualys researchers verified that multiple exploits could be used to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). The firm also warned other operating systems could also be potentially exploitable.
Qualys responsibly disclosed the sudo vulnerability with the sudo’s author on January 13, 2021. The sudo advisory and patches were then sent out to openwall distributions on January 19 and then coordinated releases starting on January 26, 2021.
Readers can check out the CVE advisory for CVE-2021-3156 for affected operating systems and distributions.