
There is a decade-old sudo bug



Sudo is a program on UNIX systems that lets system administrators grant limited root privileges to the users listed in the sudoers file. On UNIX-like systems, an unprivileged user can use the sudo command to run commands as root.

Qualys researchers discovered a security vulnerability in Linux sudo, CVE-2021-3156, also known as Baron Samedit: a heap-based buffer overflow that affects most current Linux distributions.

According to the Baron Samedit vulnerability bulletin, an attacker does not need a user password to exploit the vulnerability. An attacker with access to a low-privileged account could use it to gain root access, even if that account is not listed in the /etc/sudoers file.

For more technical details on the vulnerability, see: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

PoC video: https://player.vimeo.com/video/504872555

The vulnerability was introduced in a sudo release from July 2011 and is now nearly 10 years old, so it should affect all sudo releases of the past decade. Specifically, it affects the default configuration of all stable versions of sudo from 1.9.0 to 1.9.5P1, and versions 1.8.2 to 1.8.3P2.

Two other sudo security vulnerabilities, CVE-2019-14287 and CVE-2019-18634, were also reported by researchers over the past two years. This vulnerability is the most serious of the three, because those two require complex, non-standard sudo settings, which makes them difficult to exploit.

Qualys researchers claim to have independently verified the vulnerability and have developed multiple exploits for Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). In addition, other operating systems and distributions may also be affected.

Qualys said that if botnet operators compromise low-privileged service accounts by brute force, the vulnerability could be abused in the second stage of the attack to help intruders gain root access and ultimately take control of the entire server.

A patch for the vulnerability has now been released and the researchers advise users to update to the latest version of sudo.

Complete technical details: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
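To act on the affected-version list and the update advice above, a defender first needs to know whether a given sudo build falls inside the vulnerable ranges. The following shell script is an added example, not code from the forum post or from Qualys; it compares a sudo version string against the upstream affected ranges as published in the linked Qualys advisory (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) and treats the "pN" patch-level suffix as a fourth numeric component.

```shell
#!/bin/sh
# Added example: classify sudo version strings against the CVE-2021-3156
# affected ranges from the Qualys advisory (assumed upstream ranges:
# 1.8.2 .. 1.8.31p2 and 1.9.0 .. 1.9.5p1). Not part of the original post.

# Convert "1.8.31p2" into a single comparable integer:
# major*1000000 + minor*10000 + patch*100 + p   (missing "pN" counts as 0).
ver_key() {
    echo "$1" | awk -F'[.p]' '{
        printf "%d", ($1 * 1000000) + ($2 * 10000) + ($3 * 100) + (NF >= 4 ? $4 : 0)
    }'
}

# Returns 0 (true) if the version lies inside either affected range, else 1.
sudo_version_affected() {
    k=$(ver_key "$1")
    lo18=$(ver_key 1.8.2);  hi18=$(ver_key 1.8.31p2)
    lo19=$(ver_key 1.9.0);  hi19=$(ver_key 1.9.5p1)
    { [ "$k" -ge "$lo18" ] && [ "$k" -le "$hi18" ]; } ||
    { [ "$k" -ge "$lo19" ] && [ "$k" -le "$hi19" ]; }
}

# Extract the upstream version of the installed sudo, e.g. "1.8.31" from
# "Sudo version 1.8.31" (first line of `sudo --version`); distro suffixes
# such as "-1ubuntu1" are stripped so only the upstream number is compared.
installed_sudo_version() {
    sudo --version 2>/dev/null | head -n 1 | awk '{print $NF}' | sed 's/[^0-9.p].*//'
}

# Demo on constructed sample strings (no sudo binary needed).
for v in 1.8.1p2 1.8.2 1.8.31 1.8.31p2 1.9.0 1.9.5p1 1.9.5p2 1.9.6; do
    if sudo_version_affected "$v"; then
        echo "sudo $v: within affected range, update recommended"
    else
        echo "sudo $v: outside affected range"
    fi
done
```

A match on the upstream version number alone is not proof of exposure: distributions backport the fix without bumping that number (Ubuntu 20.04 kept 1.8.31, for example), so confirm against the vendor advisory or the package changelog before acting.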
