Security advisory: VPS/DEDI Linux servers | CVE-2021-3156: Heap-Based Buffer Overflow in Sudo
Posted by on 30 January 2021 12:21 AM

sudo is a powerful utility built into almost all Unix-like OSes. It allows users to run commands with the privileges of another user.

A recently disclosed heap-based buffer overflow in sudo, CVE-2021-3156 (CVSS 7.8), allows local privilege escalation.

The vulnerability affects the following sudo versions:

All legacy versions from 1.8.2 to 1.8.31p2

All stable versions from 1.9.0 to 1.9.5p1

How to check whether your system is affected by this vulnerability?

Log in to the VPS/DEDI server and execute the command

sudoedit -s /

Based on the response, it is possible to tell whether the host is vulnerable:

Vulnerable if it responds with an error starting with sudoedit:

Not vulnerable (or patched) if it responds with an error starting with usage:

Example: 

Output when the system is affected by the vulnerability

[root@server ~]# sudoedit -s /

sudoedit: /: not a regular file

Output when the system is not affected by the vulnerability

[root@server ~]# sudoedit -s /

sudoedit: sudoedit disabled for security

[root@server ~]# 
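The two rules above can be scripted so that a fleet of servers reports a single word instead of raw sudoedit output. The following POSIX sh script is an added example and is not part of the original advisory. It treats a message starting with "usage:" and the "sudoedit disabled for security" message shown in the advisory's own sample as not vulnerable, a message starting with "sudoedit:" as vulnerable, and anything else as unknown; the sample strings at the bottom are constructed from the advisory's examples (the usage line is a constructed placeholder). Note that the package versions in the advisory's patch section (1.8.6p3 and 1.8.23) fall inside the affected range, so the output check, not the version number, is the reliable test on backported builds.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify the output of `sudoedit -s /`
# according to the advisory's rules. Assumption: "sudoedit disabled for security"
# (the advisory's sample patched output) counts as not vulnerable alongside "usage:".

# classify_sudoedit_output MESSAGE
#   prints one of: vulnerable / not_vulnerable / unknown
classify_sudoedit_output() {
    msg=$1
    case "$msg" in
        *"sudoedit disabled for security"*) echo "not_vulnerable" ;;
        usage:*)                            echo "not_vulnerable" ;;
        sudoedit:*)                         echo "vulnerable" ;;
        *)                                  echo "unknown" ;;
    esac
}

# check_host
#   runs the advisory's command on this host and classifies its first line.
#   sudoedit writes the message to stderr, so stderr is merged into stdout;
#   stdin is /dev/null so the command can never block on a prompt.
check_host() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    out=$(sudoedit -s / 2>&1 </dev/null | head -n 1)
    classify_sudoedit_output "$out"
}

# Constructed sample outputs, taken from the advisory's examples.
SAMPLE_VULNERABLE="sudoedit: /: not a regular file"
SAMPLE_PATCHED="sudoedit: sudoedit disabled for security"
SAMPLE_USAGE="usage: sudoedit [options] file ..."   # constructed placeholder usage line

# Usage: `sh check_sudo.sh` prints the classification for this host.
if [ "${0##*/}" = "check_sudo.sh" ]; then
    echo "$(hostname): $(check_host)"
fi
```

Running it under a configuration-management tool on every VPS/DEDI host gives a one-line result per host that can be grepped for "vulnerable"; hosts reporting "unknown" have no sudoedit on PATH or produced a message the advisory does not describe and should be looked at by hand.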

How to apply the security patch?

Log in to the VPS/DEDI server as root and execute the following command

CentOS 6

sudo rpm -Uvh http://repo.websitewelcome.com/dedi/centos/6/x86_64/sudo-1.8.6p3-30.el6.3.x86_64.rpm

CentOS 7

sudo rpm -Uvh http://mirror.centos.org/centos/7/updates/x86_64/Packages/sudo-1.8.23-10.el7_9.1.x86_64.rpm

Once the patch is installed, run the check command above again to verify. You should get the message “sudoedit disabled for security”.
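The patch commands above install a package fetched over plain HTTP straight into rpm. The following POSIX sh script is an added example, not part of the advisory, that wraps the same two package URLs: it picks the URL by CentOS release, downloads the file first, refuses to install it unless rpm reports a good GPG signature, and then runs the advisory's verification command. It assumes the release number can be read from /etc/redhat-release, that curl is available, and that the vendor's signing key is already imported into the rpm database; if your provider's package is unsigned, rpm -K will report no pgp signature and the script stops rather than installing it.

```shell
#!/bin/sh
# Added example, not part of the advisory: install the advisory's sudo package
# for CentOS 6 or 7 with a signature check, then re-run the advisory's check.

# patch_url_for_release MAJOR
#   prints the advisory's package URL for CentOS 6 or 7, fails otherwise
patch_url_for_release() {
    case "$1" in
        6) echo "http://repo.websitewelcome.com/dedi/centos/6/x86_64/sudo-1.8.6p3-30.el6.3.x86_64.rpm" ;;
        7) echo "http://mirror.centos.org/centos/7/updates/x86_64/Packages/sudo-1.8.23-10.el7_9.1.x86_64.rpm" ;;
        *) return 1 ;;
    esac
}

# detect_release
#   prints the major version found in /etc/redhat-release (assumption: CentOS layout)
detect_release() {
    sed -n 's/.*release \([0-9][0-9]*\).*/\1/p' /etc/redhat-release 2>/dev/null | head -n 1
}

# package_signature_ok FILE
#   succeeds only if rpm -K reports a pgp/signature line that is OK and not "NOT OK"
package_signature_ok() {
    rpm -K "$1" | grep -v 'NOT OK' | grep -qi 'pgp\|signatures OK'
}

apply_patch() {
    release=$(detect_release)
    url=$(patch_url_for_release "$release") || {
        echo "unsupported release: '$release' (advisory covers CentOS 6 and 7)" >&2
        return 1
    }
    pkg="/tmp/$(basename "$url")"
    echo "sudo before: $(rpm -q sudo)"
    curl -fsSL -o "$pkg" "$url" || { echo "download failed: $url" >&2; return 1; }
    package_signature_ok "$pkg" || {
        echo "signature check failed or package unsigned: $pkg" >&2
        return 1
    }
    rpm -Uvh "$pkg" || return 1
    echo "sudo after:  $(rpm -q sudo)"
    # The advisory's verification step: the patched build answers
    # "sudoedit disabled for security".
    if sudoedit -s / 2>&1 </dev/null | grep -q 'sudoedit disabled for security'; then
        echo "verification: patched"
    else
        echo "verification: unexpected output, inspect: sudoedit -s /" >&2
        return 1
    fi
}

# Usage (as root): sh patch_sudo.sh
if [ "${0##*/}" = "patch_sudo.sh" ]; then
    apply_patch
fi
```

The script exits non-zero at every step that did not complete, so it can be run from an orchestration tool and the failing hosts collected from its exit status rather than from reading each host's output.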

Please feel free to contact our support helpdesk in case you have any queries.