VULNERABILITY IN SUDO CVE-2021-3156 - SOLUTION

SUDO CVE-2021-3156

SUDO CVE-2021-3156

IMPORTANT NOTE: We were briefly offering a package to correct this vulnerability in sudo. We later removed it after understanding that the vulnerability had already been fixed although the version number of sudo seems to indicate otherwise. For this reason we have returned this article to its original form. If you were among those who installed our patch, it's not the end of the world, you can easily return to the official version of sudo offered by Deepin by executing the following command in a terminal:

sudo apt install sudo = 1.8.27.5-1 + eagle 

We are sorry for any inconvenience this may have caused you.

Security researchers Qualys have revealed a bug in sudo, a standard Linux and Unix utility for managing administrative rights. sudo It is included in most, if not all, Unix- and Linux-based operating systems, and this vulnerability has been around for almost 10 years. The bug was introduced in a change made in July 2011, so it is present in legacy versions of sudo (1.8.2 to 1.8.31p2) and in all stable versions (1.9.0 to 1.9.5p1) in their default configuration.

The fault exists in the way that sudo maneja el carácter de barra invertida (\). Tradicionalmente, Unix ha permitido a los usuarios utilizar la barra invertida para escapar de los caracteres reservados para cambiar su comportamiento. Un fallo en este código permite a un atacante saltarse parcialmente este comportamiento de forma que permite un heap overflow. By passing a carefully crafted set of arguments to sudo In combination with the -s or -i command line option, an attacker can use this flaw to gain privilege escalation.

Qualys has not released proof of concept code for this vulnerability and has stated that it has no plans to do so. The successful exploitation of CVE-2021-3156 allows an attacker to gain access at the root level (administrative root) on Linux and Unix systems, even if the account does not have rights granted through sudo.

Linux distributions usually come with the current stable version of the standard utilities like sudo. Due to the timing of the bug, Red Hat Enterprise Linux 7 and 8 are affected, but the old Red Hat Enterprise Linux 6 is not. The situation with other Linux distributions will be similar.

Linux vendors often feed back security fixes to older versions in order to minimize compatibility issues. Update to the latest version of sudo available for the version of Linux or Unix you are running is the best course of action.

Deepin this time has corrected the problem in the last update that I released to sudo. It is noteworthy however that the version number still remains below the patched version, more however, although the version number is below what it should be, the official version contains the fix to that vulnerability.

If you have recently updated then you should already have the vulnerability patched, but if you have not received it and you want to speed up the process, you can do so by executing the following command in a terminal:

sudo apt update && sudo apt full-upgrade

Once this is done, your system will be safe and with the vulnerability corrected.

Font: Qualys blog

5 15 votes
Rate the Article
 
Subscribe
Report of
6 Reacciones
More popular
Newer Older
Opinion from the article
See all comments
Alberto Jiménez
Alberto Jiménez (@alberto2003)
2 meses atrás

This failure is ugly, I remember that not long ago another similar one happened with sudo, that it does not become the new normal.

Vicente Blanco
Vicente Blanco (@vicente544blanco)
Respondiendo a  Alberto Jiménez
2 meses atrás

It is inevitable, there will always be security flaws, it is the nature of the beast Alberto Jiménez.

Alberto Jiménez
Alberto Jiménez (@alberto2003)
Respondiendo a  Vicente Blanco
2 meses atrás

It's true, we just don't get to the Windows level where it's rare the month that no vulnerability comes out, it would be bad for Linux.

f3rlnx
f3rlnx (@f3rlnx)
2 meses atrás

Until today I have version 1.8.27, which version is the one that prevents this vulnerability?

6
0
We would like to know what you think, join the discussion.x
()
x