Service Notices
Heap-Based Buffer Overflow Vulnerability in Sudo (CVE-2021-3156)
Jan 28, 2021 GMT+08:00
I. Overview
A security team has officially disclosed the heap-based buffer overflow vulnerability in sudo (CVE-2021-3156), a near-ubiquitous utility available on major Unix-like operating systems. All legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 are affected. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.
Sudo is a widely used utility included in most, if not all, Unix- and Linux-based OSs. It allows users to run programs with the security privileges of another user.
If your systems use sudo, check them and apply the fix promptly.
For more information about this vulnerability, visit the following website:
II. Severity
Severity: important
(Severity scale: low, moderate, important, critical)
III. Affected Products
Affected versions:
All legacy versions from 1.8.2 to 1.8.31p2 (default configuration)
All stable versions from 1.9.0 to 1.9.5p1 (default configuration)
Secure version:
sudo 1.9.5p2 and later
IV. Vulnerability Inspection and Handling
Checking for the vulnerability:
1. Log in to the system as a non-root user.
2. Run the command: sudoedit -s /
   - If the system is vulnerable, it responds with an error that starts with "sudoedit:".
   - If the system is patched, it responds with an error that starts with "usage:".
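The following script is an added example, not part of the original notice. It wraps the two-step check above in POSIX sh: one function classifies the first line of stderr from "sudoedit -s /" exactly as the notice describes, and a second function goes beyond the notice's manual check by comparing an installed sudo version string against the affected ranges listed in section III. The function and variable names (classify_sudoedit_output, classify_sudo_version, run_check, SUDO_CHECK_RUN) are this example's own choices, and the sample error strings used in comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the notice's own code): automate the CVE-2021-3156
# check described in section IV and the version ranges from section III.

# Classify the first stderr line produced by `sudoedit -s /`.
# Unpatched sudo reaches the argument-handling path and complains about
# the target ("sudoedit: ..."); patched sudo rejects -s up front ("usage: ...").
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;   # sudoedit absent or unexpected output
    esac
}

# Classify a sudo version string such as "1.9.5p1" or "1.8.31p2" against the
# affected ranges 1.8.2-1.8.31p2 and 1.9.0-1.9.5p1; 1.9.5p2 and later are fixed.
# Prints: affected, fixed, or not-listed (outside every range the notice names).
classify_sudo_version() {
    printf '%s\n' "$1" | awk -F'[.p]' '
    {
        maj = $1 + 0; min = $2 + 0; pat = $3 + 0
        p = (NF >= 4) ? $4 + 0 : 0
        # Encode minor/patch/p-level as one comparable integer.
        v = min * 100000 + pat * 100 + p
        if (maj != 1) { print "not-listed"; exit }
        lo18 = 8 * 100000 + 2 * 100;  hi18 = 8 * 100000 + 31 * 100 + 2
        lo19 = 9 * 100000;            hi19 = 9 * 100000 + 5 * 100 + 1
        if ((v >= lo18 && v <= hi18) || (v >= lo19 && v <= hi19)) print "affected"
        else if (v > hi19) print "fixed"
        else print "not-listed"
    }'
}

# Run the live check on this host (requires a non-root shell, as the notice says).
run_check() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return
    fi
    # The command is expected to fail either way; keep only stderr's first line.
    first_line=$(sudoedit -s / 2>&1 >/dev/null | head -n 1)
    verdict=$(classify_sudoedit_output "$first_line")
    ver=$(sudo -V 2>/dev/null | head -n 1 | awk '{print $NF}')
    echo "sudoedit test: $verdict"
    [ -n "$ver" ] && echo "version $ver: $(classify_sudo_version "$ver")"
}

# Only touch the host when explicitly asked (SUDO_CHECK_RUN=1 ./check.sh).
case "${SUDO_CHECK_RUN:-}" in
    1) run_check ;;
esac
```

The sudoedit test is the more reliable of the two: distributions often backport the fix without bumping the upstream version string, so a version that classifies as "affected" may already be patched, whereas the "usage:" response comes from the corrected code itself.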
Vulnerability handling:
This vulnerability has been fixed in patches officially released by Linux vendors. If your sudo version falls into the affected range, install the vendor patches, or upgrade sudo to 1.9.5p2 or later.
Download the sudo software package at: https://www.sudo.ws/dist/
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.