CVE-2021-3156: Linux OS Sudo Security Bug

Vendor: VMware

Product: Linux

Component: Sudo

Date: 26th January 2021

Target: IT Managers, SysOps

What's new

Any user with login access to a Linux OS can utilise a Buffer Overflow to gain administrative access to the system using Sudo.

How does this affect me?

If you are running the following version of Sudo then you are affected: -

All legacy versions from 1.8.2 to 1.8.31p2

All stable versions from 1.9.0 to 1.9.5p1

What do I need to do?

As per Qualys's instructions, to test if your system is vulnerable, login as a non-root user and run command: -

 sudoedit -s /

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”

If you are vulnerable update Sudo or your OS.

References

CVE-2021-3156

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

Facebook scams, don’t be fooled

With around 2.9 billion monthly users, Facebook is one of the most popular social media sites. So it’s no surprise that this large audience is a target for scams and fraudulent activity. There are some common tricks that cyber criminals like to use. Take a look and see if you have come across any.

Show you’re serious about security with Cyber Essentials

Cyber Essentials (CE) and Cyber Essentials Plus (CE+) are accreditations that demonstrate your organisation’s commitment to safe digital practices. Here’s why we think they’re important and how you can get started.

Windows 11: Everything you need to know

The latest major release from Microsoft hosts some powerful and attractive new features. Find out more about Windows 11 here before you upgrade.

Our long-standing business as commercial property advisors have for many years totally relied on Datcom for trusted IT support and computing solutions. These have included new installations, upgrades and general computing support in a prompt, professional and highly competent way by their resident IT experts.

Orchard House

Senior Partner
Datcom have provided Beaumont Leys School with IT system management and solutions advice over the past four years. We have received a high quality and friendly service at all levels and always in a prompt and professional manner. I have always felt at ease with running our school network knowing that the Datcom team are there to offer support when required.

Manager

Beaumont Leys School
We have a 24-hour operation and Datcom have provided the system and expertise to keep our systems up and running. We have confidence in the fact that an engineer is available through their extended hours service 24/7.

Finance Director

QK Cold Stores (Marston) Ltd
We use Datcom for third-line support and advice when planning for growth and development. They always offer considered and well-thought-out ideas and suggestions. They are like an extension of our own team.

CIS Manager

Inzpire Ltd
We’ve been a client of Datcom’s now for over six years. They’ve seen us through major server upgrades, transitions to cloud-based services and they look after our day-to-day support. Always there, technically proficient and a human face for a complex area, they are a valued and trusted partner of our business.

FMC Global Talent

Office Manager