Sudo vulnerability ALARM

Сritical vulnerability affected much of the Linux ecosystem was patched on January 26 in Sudo.

Sudo is an application that allows administrators to delegate limited root access to other users, by default the superuser.

The vulnerability has the identifier CVE-2021-3156 or Baron Samedit. The vulnerability was identified by Qualys about two weeks ago, but it was only fixed today with the release of Sudo v1.9.5p2.

The fixed vulnerability CVE-2021-3156, as noted by the Qualys researchers, affects all Sudo installations where there is a sudoers file (/etc/sudoers) – this file is found in almost all default Linux + Sudo installations. + The Baron Samedit vulnerability has been around for a long time – it was present in the Sudo code back in July 2011, so vulnerability affects all versions of the applications released within the last 10 years.

Researchers were able to test the vulnerability and develop exploit variants for Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2), but other operating systems and distributions may also be vulnerable.

The Baron Samedit vulnerability can be exploited by attackers who gain access to a low-privilege account to gain root access, even if an account is not listed in /etc/sudoers, a configuration file that determines which users are granted access to sudo or su commands

More technical details in the Sudo team report.

3 thoughts on “Sudo vulnerability ALARM

Leave a Reply