CVE-2021-3156 Sudo Heap Overflow
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
1.2 CVSS Score
The CVSS Base score of this vulnerability is not provided in NVD.
1.3 Affected Version
Sudo before 1.9.5p2.
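The affected-version statement above is the first thing a defender will want to check across a fleet. The following is an added example (not Virsec's or the sudo project's code) that parses the version string printed by `sudo -V`, including the `pN` patch-level suffix sudo uses (1.9.5p1 versus 1.9.5p2), and classifies it against the page's "before 1.9.5p2" boundary. The sample version strings are constructed for illustration.

```python
import re
import subprocess
from typing import Optional, Tuple

# Lowest fixed upstream release named in the advisory: sudo 1.9.5p2.
FIXED_VERSION = "1.9.5p2"

# Matches "1.8.31", "1.9.5p1", "1.9.5p2"; the "pN" patch level is optional.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a sudo version from text such as the first line of `sudo -V`
    ("Sudo version 1.8.31p2") and return it as a comparable tuple
    (major, minor, patch, patch_level). A missing "pN" suffix counts as
    patch level 0, so 1.9.5 sorts before 1.9.5p1. Returns None if no
    version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True when the parsed version is before 1.9.5p2 (the advisory's
    affected range), False when it is 1.9.5p2 or later, None when the
    text carries no recognisable version."""
    found = parse_sudo_version(version_text)
    if found is None:
        return None
    return found < parse_sudo_version(FIXED_VERSION)


def check_installed_sudo() -> Optional[bool]:
    """Run `sudo -V` on this host (the version line prints without a
    password prompt) and classify it. None means sudo is absent or the
    output could not be parsed."""
    try:
        proc = subprocess.run(["sudo", "-V"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    first_line = proc.stdout.splitlines()[0] if proc.stdout else ""
    return is_vulnerable(first_line)


if __name__ == "__main__":
    # Constructed sample strings showing the boundary behaviour.
    for sample in ("Sudo version 1.8.31", "Sudo version 1.9.5p1",
                   "Sudo version 1.9.5p2", "Sudo version 1.9.6"):
        print(f"{sample!r}: vulnerable={is_vulnerable(sample)}")
    print("this host:", check_installed_sudo())
```

A caveat on interpreting the result: many distributions ship the fix as a backport without changing the upstream version string, so a "vulnerable" answer from the version alone is a prompt to check the package's changelog or security advisory, not a confirmed finding. A "fixed" answer (1.9.5p2 or later) is reliable for upstream builds.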
1.4 Vulnerability Attribution
This vulnerability is disclosed by MITRE.
1.5 Risk Impact
Sudo (superuser do) is a utility for UNIX- and Linux-based systems that provides an efficient way to give specific users permission to run specific system commands at the root (most powerful) level of the system. There are 600 different distributions of Linux, and all of them use the sudo utility.
As per this website:
- In 2021, 100% of the world's top 500 supercomputers run on Linux.
- Out of the top 25 websites in the world, only 2 aren't using Linux.
- 3% of the world's top 1 million servers run on Linux.
- 90% of all cloud infrastructure operates on Linux, and practically all the best cloud hosts use it.
Any exploit of this vulnerability could lead to denial of service or escalation of privileges, or, at worst, could be further exploited to plant arbitrary malicious code. A public exploit is available.
1.6 Virsec Security Platform (VSP) Support:
VSP Host's Script Monitoring capability can be used to deny execution of the sudoedit binary, since it is not usual to run sudoedit on production servers.
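Where blocking sudoedit outright is not acceptable, a process-monitoring rule can instead flag the invocation shape the summary describes: sudoedit in shell mode (`-s`) with an argument that ends in a backslash. The following is an added example, not part of the Virsec platform or of sudo, written for a host agent or log pipeline that already has each process's argv. It generalises the page's "single backslash" to an odd-length trailing run of backslashes (a pair escapes itself, so only an unpaired final backslash matches); that generalisation and the sample argv records are this example's own assumptions.

```python
import os
from typing import List, Sequence


def trailing_backslash_run(arg: str) -> int:
    """Length of the run of backslashes at the very end of arg."""
    n = 0
    for ch in reversed(arg):
        if ch != "\\":
            break
        n += 1
    return n


def is_suspicious_sudoedit(argv: Sequence[str]) -> bool:
    """True when argv matches the advisory's trigger shape: the sudoedit
    binary, shell mode requested via -s (alone or in a short-option
    cluster such as -sA), and at least one argument ending in an
    unpaired backslash. The odd-run test is this example's generalisation
    of the page's 'single backslash' wording."""
    if not argv or os.path.basename(argv[0]) != "sudoedit":
        return False
    shell_mode = any(
        a.startswith("-") and not a.startswith("--") and "s" in a[1:]
        for a in argv[1:]
    )
    if not shell_mode:
        return False
    return any(trailing_backslash_run(a) % 2 == 1 for a in argv[1:])


# Constructed sample process records (argv arrays), labelled by intent.
SAMPLE_EXECS: List[List[str]] = [
    ["/usr/bin/sudoedit", "-s", "/etc/hosts"],   # ordinary sudoedit use
    ["/usr/bin/sudoedit", "-s", "\\"],           # the shape the advisory names
    ["/usr/bin/sudoedit", "-sA", "x\\\\\\"],     # option cluster, three trailing backslashes
    ["/usr/bin/sudoedit", "-s", "path\\\\"],     # escaped pair, not the trigger shape
    ["/usr/bin/sudo", "-s", "\\"],               # sudo itself; the page names sudoedit
    ["sudoedit", "/etc/hosts"],                  # no shell mode requested
]


def flag_samples() -> List[bool]:
    """Classify every constructed record; used by the demo below."""
    return [is_suspicious_sudoedit(argv) for argv in SAMPLE_EXECS]


if __name__ == "__main__":
    for argv, hit in zip(SAMPLE_EXECS, flag_samples()):
        print("ALERT " if hit else "ok    ", argv)
```

The check is deliberately narrow: it fires on the documented invocation shape rather than on every sudoedit execution, so it can run alongside an allow-list policy on hosts where sudoedit is legitimately used.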
1.7 Reference Links:
- NVD - CVE-2021-3156 (nist.gov)
- Sudo Heap-Based Buffer Overflow - Packet Storm (packetstormsecurity.com)