Language Selection

English French German Italian Portuguese Spanish

Another Sudo Root Privilege Escalation Vulnerability Got Patched, Update Now

Filed under
Security

Sudo 1.9.5p2 was released today and it addresses two security issues. The first, CVE-2021-3156 (a.k.a. Baron Samedit), was discovered by Qualys Research Labs and could allow local users (sudoers and non-sudoers) to obtain unintended access to the root (system administrator) account.

In addition, the new release patches CVE-2021-23239, a vulnerability discovered in Sudo’s sudoedit utility, which could allow a local attacker to bypass file permissions and determine if a directory exists or not. This security flaw affected Sudo versions before 1.9.5.

Read more

BleepingComputer

Anti-Linux writers rejoice

The original

  • CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

    Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability and develop multiple variants of exploit and obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and distributions are also likely to be exploitable.

Sudo vulnerability allows attackers to gain root privileges...

3 More

  • 10-year-old Sudo Bug Lets Linux Users Gain Root-Level Access
  • Sudo Flaw Gives Linux Users Root Access | Decipher

    Researchers from Qualys uncovered a major vulnerability in an application that allows administrators to delegate limited root access to regular users. While most major Linux distributions have released fixed versions of sudo, administrators still have to verify their systems are protected. Some of the smaller distributions may not yet have incorporated the fix.

    The vulnerability allows a regular user on a system to gain root access, even if the account is not listed as one of the authorized accounts in the /etc/sudoers configuration file. The regular user account also does not need to know the password in order to exploit the vulnerability. Qualys said the flaw impacts all Sudo installs using the sudoers file—which is the case for many Linux systems. Researchers have developed exploit variants for Debian 10 (Sudo 1.8.27), Ubuntu 20.04 (Sudo 1.8.31), and Fedora 33 (Sudo 1.9.2). Qualys coordinated the release of Sudo v 1.9.5p2 to fix the flaw, CVE-2021-3156 (Baron Samedit).

  • Serious 10-year-old flaw in Linux sudo command; a new version patches it | Network World

    Linux users should immediately patch a serious vulnerability to the sudo command that, if exploited, can allow unprivileged users gain root privileges on the host machine.

    Called Baron Samedit, the flaw has been “hiding in plain sight” for about 10 years, and was discovered earlier this month by researchers at Qualys and reported to sudo developers, who came up with patches Jan. 19, according to a Qualys blog. (The blog includes a video of the flaw being exploited.)

Critical Vulnerability Patched in 'sudo' Utility...

PSA: If your PC runs Linux, you should update Sudo now

  • PSA: If your PC runs Linux, you should update Sudo now

    Despite the fact that tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it’s not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a new heap-based buffer overflow attack vector that targets the “Sudo” program to gain root access. The bug this time seems to be quite serious, and the bug has existed within the codebase for almost 10 years! Although the privilege escalation vulnerability has already been patched, it could potentially be exploited on nearly every Linux distribution and several Unix-like operating systems.

An unpleasant sudo vulnerability

  • An unpleasant sudo vulnerability

    It would appear that "sudo" has a buffer-overflow vulnerability that allows any local user to gain root privileges, whether or not they are in the sudoers file. It has been there since 2011. See this advisory for details, but perhaps run an update first.

Sudo Bug Gives Root Access to Mass Numbers of Linux Systems

  • Sudo Bug Gives Root Access to Mass Numbers of Linux Systems

    Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.

    A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered — and it had been sitting there for a decade, researchers said.

    The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user. Qualys researchers named the vulnerability “Baron Samedit,” tracked as CVE-2021-3156. They said the bug popped into the Sudo code back in July 2011.

    [...]

    Here’s how the vuln works: Specifically, the bug is a heap-based buffer overflow in Sudo, which lets any local user trick it into running in “shell” mode.

    Sudo authors explained in a Tuesday advisory that when Sudo is running in shell mode, “it escapes special characters in the command’s arguments with a backslash.” Then, a policy plug-in removes any escape characters before deciding on the Sudo user’s permissions.

    But it’s not just a single bug which exposed these systems, it’s actually the combination of two bugs working in tandem in Sudo that makes the exploitation possible, the authors explained.

    “A bug in the code that removes the escape characters will read beyond the last character of a string if it ends with an unescaped backslash character,” the Sudo authors explained. “Under normal circumstances, this bug would be harmless since Sudo has escaped all the backslashes in the command’s arguments.”

Decade-old vulnerability is still affecting most Linux distro

  • Decade-old vulnerability is still affecting most Linux distros

    Security researchers at Qualys discovered a privilege escalation vulnerability in one of the core utilities present in all Unix-like operating systems including Linux.

    If exploited, the heap overflow vulnerability in the Sudo utility could allow any unprivileged user to gain root privileges.

    The vulnerability, which has now been patched, has existed for almost a decade, according to a blog post by Animesh Jain, a Vulnerability Signatures Product Manager at Qualys.

Cyber Command, NSA warn to patch decade-old sudo vulnerability

  • Cyber Command, NSA warn to patch decade-old sudo vulnerability

    U.S. intelligence officials are urging Amrican companies and security workers to fix a software flaw that, if exploited, would give attackers deep access to a victim machine.

    The vulnerability, which now has a patch, would have allowed unauthorized users to gain what’s known as root privileges on vulnerable hosts as early as 2011 when the flaw was introduced, researchers at the security firm Qualys found. Root access would enable hackers to obtain administrative privileges over a machine, and quietly collect sensitive information.

    The vulnerability has existed for 10 years in sudo, a common tool found on nearly all Unix and Linux-based operating systems that generally allows system administrators to give some approved users root privileges.

    The flaw affects legacy versions from 1.8.2 to 1.8.31p2 and all default versions from 1.9.0 to 1.9.5p1, according to Qualys.

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug

  • ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

    Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems.

    The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even those off of sudoers list, to gain root access. It has been patched in the latest release of sudo.

    “Any user – even the lowest of the low privileged – can access root,” said Mehul Revankar, vice president of product management and engineering at Qualys.

    Though other Sudo vulnerabilities have been found in the past, it’s rare that a bug affects any account, rather than accounts meeting specific conditions.

    “We expect millions of systems to be affected,” said Revankar.

Sudo Vulnerability 2021: 'Baron Samedit' Bug on Linux...

  • Sudo Vulnerability 2021: 'Baron Samedit' Bug on Linux Gives Attackers Free Root-Level Access

    A major vulnerability impacting a large chunk of the Linux ecosystem has been patched today in Sudo, an app that allows admins to delegate limited root access to other users.

    As reported by ZDNet, a major vulnerability was discovered two weeks ago that impacts the Linux ecosystem tremendously. Today, the problem has been patched by an app called Sudo which permits admins in Linux to consign limited root access for other users. It was fixed with the release of the Sudo v1.9.5p2.

    [...]

    Thankfully, Sudo has already fixed this problem for the Linux ecosystem. It can be found in sudo 1.9.5p2. Sudo added that if users want to check if their version of Sudo is vulnerable, they can key in the following commands to check:

    sudoedit -s '\' 'perl -e 'print "A" x 65536''

    Ideally, you should receive a usage or error message. This indicated that your version of Sudo is not vulnerable. On the other hand, if the result that arises is a Segmentation for, then you can expect that your Sudo version is indeed vulnerable.

    Sudo's update should be applied as early as possible to prevent malicious acts by attackers. If you need to know more technical information about checking your Sudo status, you can check The Qualys advisory.

Three more pieces

  • Bug in Linux sudo command could give any user root access

    Researchers from Qualys have disclosed a vulnerability in the sudo utility that could be exploited to grant system administrator privileges to any user that is logged into a system.

    Dubbed Baron Samedit (CVE-2021-3156), Qualys recommended that users apply patches for the vulnerability immediately.

    The developers of sudo were informed about the security flaw on 13 January and the bug was patched on 19 January — a week before it was publicly disclosed.

    Sudo is a widely used program in Unix-like operating systems. Qualys confirmed that the Baron Samedit bug was present in Linux distributions such as Ubuntu, Debian, and Fedora.

  • Weekly threat roundup: Apple, SonicWall, Linux Sudo

    A significant vulnerability in the Linux Sudo command could inadvertently grant unauthorised users root access to a system, even if the account isn’t listed as an authorised account.

    Sudo allows administrators to delegate limited root access to regular users, but the vulnerability tagged CVE-2021-3156 can be exploited by an unprivileged user to gain root privileges on a vulnerable host.

    The flaw has been hiding in plain sight for nearly a decade having been introduced in July 2011, according to Qualys security researchers. Multiple versions of Sudo are therefore likely to be affected, including legacy versions 1.8.2 to 1.8.31p2 and stable versions from 1.9.0 to 1.9.5p1.

  • Decade-Old Sudo Flaw Discovered

    A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.

    Sudo is the venerable tool that allows standard users to run admin tasks on Linux distributions. Without sudo, users would have to log into the system as the root user (or change to the root user with the su command), in order to run admin commands. Seeing as how that is looked upon as a security risk, sudo has become a required tool for many Linux admins and users.

    However, it has been discovered (by researchers at Qualys) that, for nearly a decade, sudo contained a heap-based buffer overflow vulnerability. This bug could allow any unprivileged user to gain root privileges using the default sudo configuration.

Sudo Vulnerability Discovered

Researchers: Beware of 10-Year-Old Linux Vulnerability

  • Researchers: Beware of 10-Year-Old Linux Vulnerability

    The vulnerability, called "Baron Samedit" by the researchers and officially tracked as CVE-2021-3156, is a heap-based buffer overflow in the Sudo utility, which is found in most Unix and Linux operating systems.

    Sudo is a utility included in open-source operating systems that enables users to run programs with the security privileges of another user, which would them give them administrative – or superuser - privileges.

    The bug, which appears to have been added into the Sudo source code in July 2011, was not detected until earlier this month, Qualys says.

    "Qualys security researchers have been able to independently verify the vulnerability and develop multiple variants of exploits and obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and distributions are also likely to be exploitable," the researchers say.

This Week In Security: Sudo, Database Breaches, And Ransomware

  • This Week In Security: Sudo, Database Breaches, And Ransomware

    Sudo is super important Linux utility, as well as the source of endless jokes. What’s not a joke is CVE-2021-3156, a serious vulnerability around incorrect handling of escape characters. This bug was discovered by researchers at Qualys, and has been in the sudo codebase since 2011. If you haven’t updated your Linux machine in a couple days, you may very well be running the vulnerable sudo binary still. There’s a simple one-liner to test for the vulnerability:

    sudoedit -s '\' `perl -e 'print "A" x 65536'`

Linux sudo exploit gives root access

  • Linux sudo exploit gives root access

    Researchers have found a buffer overflow vulnerability in the Linux sudo program that means an ordinary user could give themselves root privileges.

    The Sudo command lets users act at higher security privilege levels – either as a superuser or some other user profile – so they can perform certain tasks without having full root access.

"Linux Flaw"

  • The Linux Flaw you can't afford to Ignore (CVE-2021-3156) [Ed: It is not a "Linux flaw" but a sudo flaw and it affects systems that are not Linux]

    Linux and Unix operating systems require regular patching like any IT system, but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.