We use the sudo
command everyday to grant specific user rights, such as installing a package, updating the package, to access root files, to start LAMPP or apache server.
Any logged-in user without administrators permission can gain root privileges using an old bug in sudo
.
This bug allows any local users to gain root access without root password.
Vulnerability
CVE-2021-3156: Heap-Based Buffer Overflow in sudo
More details https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Vulnerable sudo versions
- All legacy versions from 1.8.2 to 1.8.31p2
- All stable versions from 1.9.0 to 1.9.5p1
Check your sudo version using
sudo --version
Disclosure Timeline
- 2021-01-13: Advisory sent to Todd.Miller@sudo
- 2021-01-19: Advisory and patches sent to distros@openwall
- 2021-01-26: Coordinated Release Date (6:00 PM UTC)
Proof of Concept Video
It was found that sudo
incorrectly handle memory when parsing command lines. A local user can use this issue to obtain access to the administrator.
Update your systems to resolve this problem.
Ubuntu and Debian Linux:
First of all check your sudo version
sudo --version
Update the package using apt command/apt-get command
sudo apt install sudo
sudo --version
Or you can simply run the following commands
sudo apt update
sudo apt upgrade
CentOS and Fedora Linux and Red Hat Enterprise Linux 8.x/7.x
Type dnf command or yum command to fix the bug
sudo dnf update
##or
sudo yum update
macOS
You have to wait for Apple to release the update.
Apple will take time to push updates. Do not create new user and don’t give ssh access to anyone on your MacOS.