Linux — SUDO Flaw Let Local User Gain Root Privileges

Home/Security Update, Software Issues/Linux — SUDO Flaw Let Local User Gain Root Privileges

Linux — SUDO Flaw Let Local User Gain Root Privileges

Sudo vulnerability, local user can exploit this flaw for root privilege escalation.

Linux — CVE-2021-3156

Sudo (su “do”) allows a system administrator to give users the ability to run commands as root while logging all commands and arguments.

Qualys security researchers discovered a vulnerability, mentioned that it is hiding in plain sight for nearly 10 years and millions of assets susceptible to it.

Follow Us on: Twitter, InstagramFacebook to get latest security news!

According to the researchers, the heap-based buffer overflow flaw is present in

  • sudo legacy versions (1.8.2 to 1.8.31p2)
  • also, all stable versions (1.9.0 to 1.9.5p1) in their default configuration.

However, Other operating systems and distributions supported by Sudo are probably also exploitable using CVE-2021-3156 exploits.

Also, the researchers have developed a technical details and instructions on how users can check if they have a vulnerable version.

They developed several exploit variants that work on:

  • Ubuntu 20.04
  • Debian 10
  • Fedora 33

but won’t be sharing the exploit code publicly. 

Security Recommendations:

For the stable distribution (buster), this problem fixed in version 1.8.27-1+deb10u3. Downloadable the stable version from here.

However, Patched vendor-supported version provided  UbuntuRedHatDebianFedoraGentoo, and others.

By | 2021-01-27T22:16:38+05:30 January 27th, 2021|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. judi March 25, 2021 at 11:26 pm - Reply

    Ahaa, its nice discussion about this piece of writing here at this website, I have read all that, so now me also commenting here.

Leave A Comment

Subscribe to our newsletter to receive security tips everday!