CVE-2021-3156: Linux OS Sudo Security Bug

Vendor: VMware

Product: Linux

Component: Sudo

Date: 26th January 2021

Target: IT Managers, SysOps

What's new

Any user with login access to a Linux OS can utilise a Buffer Overflow to gain administrative access to the system using Sudo.

How does this affect me?

  • If you are running the following version of Sudo then you are affected: -
  • All legacy versions from 1.8.2 to 1.8.31p2
  • All stable versions from 1.9.0 to 1.9.5p1

What do I need to do?

  • As per Qualys's instructions, to test if your system is vulnerable, login as a non-root user and run command: -
 sudoedit -s /

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”

  • If you are vulnerable update Sudo or your OS.


  • CVE-2021-3156

Get in touch

Call us on 0333 000 3210 or Email us

Latest news...

Router vs Firewall

Many businesses nowadays require users to access resources remotely. That could mean a remote-access VPN for users in the field, a website hosted on a server within the network, or a remote desktop solution for people working from home. All of these systems are a potential target for attackers. Upgrading your standard issue ISP router will greatly improve your security.

Read More