Sudo is a powerful utility that’s included in most if not all Unix- and Linux-based OSes. It allows users to run programs with the security privileges of another user.
The Qualys Security Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. By exploiting this vulnerability, any unprivileged user can gain root privileges on a vulnerable host that runs the default sudo configuration.
The Sudo privilege escalation vulnerability is tracked as CVE-2021-3156 (aka Baron Samedit). The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.
To test whether a system is vulnerable, log in to the system as a non-root user.
Run the command “sudoedit -s /”.
If the system is vulnerable, it will respond with an error that starts with “sudoedit:”.
If the system is patched, it will respond with an error that starts with “usage:”.
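The check above, scripted so it can be run across a fleet, as an added example that is not part of the original advisory and not Qualys' or the page author's code. It assumes a POSIX sh; the function names and the "unknown" outcome (for hosts where sudoedit is missing or prints something other than the two signatures the text gives) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original advisory): classify the first line of
# the output of "sudoedit -s /" using the two signatures the advisory gives.
# Function names and the "unknown" result are this example's own choices.

# Returns one of: vulnerable | patched | unknown
classify_sudoedit_output() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    case "$first_line" in
        sudoedit:*) echo vulnerable ;;   # e.g. "sudoedit: /: not a regular file"
        usage:*)    echo patched ;;      # patched sudo rejects -s for sudoedit
        *)          echo unknown ;;      # anything else, e.g. sudoedit not installed
    esac
}

# Runs the advisory's check as the current (non-root) user and classifies the
# result. stdin is redirected from /dev/null so the command cannot block on
# interactive input; a non-zero exit status is expected and ignored.
check_sudo_cve_2021_3156() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    output=$(sudoedit -s / </dev/null 2>&1) || true
    classify_sudoedit_output "$output"
}

# Usage: sh check_sudo.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "CVE-2021-3156 status for $(uname -n): $(check_sudo_cve_2021_3156)"
fi
```

Only the first line of output is inspected, because that is where both signatures appear; treating everything else as "unknown" rather than "patched" keeps a missing or unusual sudoedit from being silently reported as safe.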
Given the breadth of the attack surface for this vulnerability, we recommend users apply patches for this vulnerability immediately.
If you are not our customer, start your free trial of AlienVault USM SIEM to get full access to scan for this vulnerability (CVE-2021-3156) and to leverage threat intelligence and automated security monitoring capabilities, so you can identify your vulnerable assets.