Security advisory: VPS/DEDI Linux servers | CVE-2021-3156: Heap-Based Buffer Overflow in Sudo. Posted on 30 January 2021 12:21 AM
sudo is a utility present on almost all Unix-like operating systems. It lets permitted users run commands with the privileges of another user, usually root. CVE-2021-3156 (CVSS 7.8), a heap-based buffer overflow in sudo, is a privilege escalation: any local user can exploit it to obtain root, and the user does not need to be listed in sudoers.

The vulnerability affects the following sudo versions:

  - All legacy versions from 1.8.2 to 1.8.31p2
  - All stable versions from 1.9.0 to 1.9.5p1

How to find whether your system is affected by this vulnerability

Log in to the VPS/DEDI server and execute the command:

  sudoedit -s /

The response tells you whether the host is vulnerable:

  - Vulnerable: the response is an error such as "sudoedit: /: not a regular file" (the unfixed build accepts the -s option and goes on to check the file).
  - Not vulnerable or patched: the response is an error starting with "usage:" (builds carrying the upstream fix reject the -s option for sudoedit), or the message "sudoedit: sudoedit disabled for security" (the patched packages provided below).

Example output when the system is affected by the vulnerability:

  [root@server ~]# sudoedit -s /
  sudoedit: /: not a regular file

Example output when the system is not affected by the vulnerability:

  [root@server ~]# sudoedit -s /
  sudoedit: sudoedit disabled for security
  [root@server ~]#

How to apply the security patch

Log in to the VPS/DEDI server as root and execute the command for your release.

CentOS 6 (CentOS 6 no longer receives upstream updates, so the fixed package is served from our repository):

  sudo rpm -Uvh http://repo.websitewelcome.com/dedi/centos/6/x86_64/sudo-1.8.6p3-30.el6.3.x86_64.rpm

CentOS 7:

  sudo rpm -Uvh http://mirror.centos.org/centos/7/updates/x86_64/Packages/sudo-1.8.23-10.el7_9.1.x86_64.rpm

Once the patch is installed, run "sudoedit -s /" again and confirm that it responds with "sudoedit: sudoedit disabled for security". You can also confirm the installed package with "rpm -q sudo", which should report sudo-1.8.6p3-30.el6.3 on CentOS 6 or sudo-1.8.23-10.el7_9.1 on CentOS 7.

Please feel free to contact our support helpdesk if you have any queries.
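The check above is easy to script across a fleet of VPS/DEDI hosts. The script below is an added example written for this advisory; it is not part of the original page or of the sudo project. It runs the same "sudoedit -s /" probe, keeps the first line of the reply, and classifies it using the three responses named above. The labels "vulnerable", "patched" and "unknown", the function names and the "--run" switch are this script's own conventions.

```shell
#!/bin/sh
# Added example for the CVE-2021-3156 advisory, not the page's or sudo's own code.
# It automates the "sudoedit -s /" check and classifies the reply.

# classify_reply REPLY
#   Prints "patched" for the two fixed-build responses named in the advisory,
#   "vulnerable" for any other "sudoedit:" error (an unfixed build accepts -s,
#   goes on to check the file and reports "/: not a regular file"), and
#   "unknown" for anything else (for example, sudoedit missing).
classify_reply() {
    # Keep only the first line; the "usage:" reply is usually several lines long.
    first=$(printf '%s\n' "$1" | head -n 1)
    case "$first" in
        usage:*)                                     echo patched ;;    # upstream/distro fix rejects -s for sudoedit
        "sudoedit: sudoedit disabled for security"*) echo patched ;;    # reply from the packages listed in this advisory
        sudoedit:*)                                  echo vulnerable ;; # e.g. "sudoedit: /: not a regular file"
        *)                                           echo unknown ;;
    esac
}

# probe_host
#   Runs the probe on this machine and prints the verdict. Run it as root, as
#   the advisory does; the probe fails in argument or file handling and does
#   not execute anything through sudo. Returns 1 when sudoedit is not installed.
probe_host() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 1
    fi
    reply=$(sudoedit -s / 2>&1)
    classify_reply "$reply"
}

# Only probe when invoked with --run, so the file can also be sourced for its
# functions without touching sudoedit.
if [ "${1:-}" = "--run" ]; then
    echo "sudo package: $(rpm -q sudo 2>/dev/null || echo 'rpm not available')"
    echo "sudoedit -s / verdict: $(probe_host)"
fi
```

Run it as "sh sudo-check.sh --run" on each host; the package line lets you compare the installed build against the fixed versions named in the advisory (sudo-1.8.6p3-30.el6.3 on CentOS 6, sudo-1.8.23-10.el7_9.1 on CentOS 7). The order of the case branches matters: the "disabled for security" message also starts with "sudoedit:", so it must be matched before the generic "sudoedit:*" branch.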