CVE-2021-3156: Linux OS Sudo Security Bug

Vendor: VMware

Product: Linux

Component: Sudo

Date: 26th January 2021

Target: IT Managers, SysOps

What's new

Any user with login access to a Linux OS can utilise a Buffer Overflow to gain administrative access to the system using Sudo.

How does this affect me?

If you are running the following version of Sudo then you are affected: -

All legacy versions from 1.8.2 to 1.8.31p2

All stable versions from 1.9.0 to 1.9.5p1

What do I need to do?

As per Qualys's instructions, to test if your system is vulnerable, login as a non-root user and run command: -

 sudoedit -s /

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”

If you are vulnerable update Sudo or your OS.

References

CVE-2021-3156

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

In Out, In Out, Shake It All About!

Will you return to the office? Would you prefer to stay working from home? Or are you looking to offer your staff a mix of both?

Microsoft Exchange Server Multiple CVE's

Skype for Business Online EOL 31 July 2021

EOL for SfB, make sure you're migrated before July.

For many years now Datcom have been supporting our IT systems and providing up to date, bespoke solutions to meet our demands and keep us safe and secure. Their team of engineers are highly skilled and no challenge has been too great so far, including new server, cloud solutions and Cyber Essentials Plus accreditation. I would strongly recommend them.

Finance Director

Ramco Ltd
We’ve outsourced our IT support and solution provision to Datcom for 5 years now and have found them to be proactive and professional. Their rapid response in getting our employees working from home in the build-up to the COVID-19 lockdown has enabled trouble-free home working.

Reflex Gaming Ltd

Managing Director
Datcom have been our IT partner for many years, providing reliable support for our network, backups and client PCs & laptops. Due to the nature of our business a lot of our team are remote or home workers, so having someone on hand to get our people quickly back up and running if they have a problem is a real asset to our business.

RFMW

Director of Finance
Datcom provides all our IT solutions and support. They deliver a quality professional and prompt service and are always available to provide assistance when required.

Managing Director

Castlegate Finanical Management
In today's business society companies change their IT service provider if they are too expensive, not good enough or just not being provided with the quick efficient service they have been promised. I have found Datcom services prompt and good value, with good advice on making my business more cost effective, that is why I have used them since 2007.

P Atkins Ltd

CEO