Linux Sudo Vulnerability (CVE-2021-3156)

Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via ‘sudoedit -s’ and a command-line argument that ends with a single backslash character.

Overview

Linux Sudo Vulnerability (CVE-2021-3156): “Sudo before 1.9.5p2 has a Heap-based Buffer Overflow vulnerability, allowing privilege escalation to root via ‘sudoedit -s’ and a command-line argument that ends with a single backslash character.”

Description

Sudo is one of the most important, powerful and commonly used utilities, and it comes pre-installed as a core command on almost every Linux-based operating system. The sudo program allows users to run programs with the security privileges of another user, by default the superuser.

As announced by Qualys researchers, Sudo before 1.9.5p2 contains a heap-based vulnerability that allows attackers to gain root privileges by running sudoedit with the -s or -i flag and an argument that ends with a single backslash character. The vulnerability is considered critical because it is exploitable by any user, whether or not they are included in the sudoers file.

$ sudoedit -s /

Note that special characters, including the backslash, are normally escaped by the sudo command. However, the backslash character is not checked when it is passed as an argument to the sudoedit command with the -s or -i flag, and this causes the buffer overflow.

The vulnerability existed for almost 10 years, having been introduced in July 2011. Sudo legacy versions from 1.8.2 to 1.8.31p2 and stable versions from 1.9.0 to 1.9.5p1 are vulnerable in their default configuration and need to be updated to version 1.9.5p2.

Qualys has released three different proof of concept exploits for the vulnerability on the Qualys Blog. To learn more about the vulnerability and its exploitation, you could also check the proof of concept video shared by Qualys.

Impact

An unprivileged user can gain unauthorized root user privileges by exploiting the vulnerability.

Impact Summary

Category: Elevation of Privilege (Root User)
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution (Check Configuration)

To defend against possible attacks exploiting the Linux Sudo Vulnerability (CVE-2021-3156), Sudo needs to be updated to version 1.9.5p2, released on January 26, 2021.
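
The following is an added example, not code from this article, Qualys or the sudo project: a Python check that classifies hosts using the affected version ranges given above together with the stderr of the `sudoedit -s /` command shown earlier. It assumes the interpretation from Qualys' published check (an error starting with "sudoedit:" means vulnerable, one starting with "usage:" means patched); the function names, host names and sample output lines are constructed for illustration.

```python
import re

# Affected upstream ranges as stated in the article (inclusive bounds).
AFFECTED = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),  # legacy 1.8.2 .. 1.8.31p2
    ((1, 9, 0, 0), (1, 9, 5, 1)),   # stable 1.9.0 .. 1.9.5p1
]
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_sudo_version(text):
    """Extract (major, minor, micro, patchlevel) from `sudo -V` output."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(text):
    v = parse_sudo_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def classify_probe(stderr_text):
    """Interpret the stderr of `sudoedit -s /` run as a non-root user."""
    first = stderr_text.strip().splitlines()[0] if stderr_text.strip() else ""
    if first.startswith("usage:"):
        return "patched"
    if first.startswith("sudoedit:"):
        return "vulnerable"
    return "unknown"

def assess(version_text, probe_stderr=None):
    """Combine the version range with the optional behavioural probe."""
    ranged = in_affected_range(version_text)
    probe = classify_probe(probe_stderr) if probe_stderr is not None else "unknown"
    if probe == "vulnerable":
        return "vulnerable: update sudo"
    if probe == "patched":
        return "patched (fix likely backported by vendor)" if ranged else "patched"
    return "in affected range: verify vendor fix" if ranged else "not in affected range"

# Constructed inventory: (host, `sudo -V` first line, probe stderr or None).
SAMPLES = [
    ("web01", "Sudo version 1.8.31", "sudoedit: /: not a regular file\n"),
    ("db02", "Sudo version 1.8.31", "usage: sudoedit [-AknS] ... file ...\n"),
    ("ci03", "Sudo version 1.9.5p2", None),
    ("old04", "Sudo version 1.8.1p2", None),
]

if __name__ == "__main__":
    print({host: assess(ver, probe) for host, ver, probe in SAMPLES})
```

Distribution packages often carry the fix while keeping the upstream version number, so a host in the affected range is only a candidate until the probe output or the vendor advisory confirms its status.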
