On January 26, 2021, a heap-based buffer overflow vulnerability (CVE-2021-3156) in sudo was disclosed. Unprivileged users can exploit this vulnerability to gain root privileges on a vulnerable host that uses the default sudo configuration.

Detected vulnerability

  • Vulnerability number: CVE-2021-3156
  • Vulnerability severity: high
  • Affected versions:
    • All legacy versions from 1.8.2 to 1.8.31p2
    • All stable versions from 1.9.0 to 1.9.5p1
  • Affected ECS images:
    • Alibaba Cloud Linux 2
    • CentOS 6/7/8
    • Red Hat Enterprise Linux 6/7/8
    • Ubuntu 14/16/18/20
    • Debian 8/9/10
    • SUSE Linux Enterprise Server 12/15
    • OpenSUSE 42.3/15
    • FreeBSD 11/12

Details

Sudo is included in most, if not all, UNIX- and Linux-based operating systems. It allows users to run programs with the security privileges of another user. Successful exploitation of this vulnerability allows unprivileged users to gain root privileges on the vulnerable host.

Security suggestion

Install the patch for CVE-2021-3156 at your earliest convenience.

Most operating system vendors have already fixed this sudo vulnerability and released the corresponding update packages. Install the updated sudo package as soon as possible.

Detection method

The following detection methods are available:
  • Method 1: run sudo --version and check whether the reported version number is within the affected version range.
  • Method 2: log on to the system with a non-root account and run sudoedit -s /. Interpret the result as follows:
    • If an error message that starts with sudoedit: is returned, sudo is affected and you must fix the vulnerability.
    • If an error message that starts with usage: is returned, the patch is installed and you do not need to fix the vulnerability.
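The two detection methods above, implemented as an added shell script that is not part of the advisory. The helper functions take a version string or an output line as input so they can be tested without a sudo binary; the final block runs the real checks on the local host. Note that distributions often backport the fix without changing the version string, so Method 2 is the more reliable of the two.

```shell
#!/bin/sh
# Added example: CVE-2021-3156 checks following the advisory's Method 1 and Method 2.
# Helpers are pure functions over constructed input; the host check at the end is optional.

# Convert a sudo version such as "1.8.31p2" into a sortable integer
# (a missing "pN" suffix counts as p0).
version_key() {
  v="$1"
  base="${v%%p*}"
  case "$v" in *p*) plevel="${v##*p}" ;; *) plevel=0 ;; esac
  major="${base%%.*}"; rest="${base#*.}"
  minor="${rest%%.*}"; patch="${rest#*.}"
  [ "$patch" != "$rest" ] || patch=0        # "1.9" has no third field
  echo $(( ${major:-0} * 1000000000 + ${minor:-0} * 1000000 + ${patch:-0} * 1000 + ${plevel:-0} ))
}

# Method 1: exit 0 when the version lies in 1.8.2..1.8.31p2 or 1.9.0..1.9.5p1.
version_affected() {
  k=$(version_key "$1")
  { [ "$k" -ge "$(version_key 1.8.2)" ] && [ "$k" -le "$(version_key 1.8.31p2)" ]; } ||
  { [ "$k" -ge "$(version_key 1.9.0)" ] && [ "$k" -le "$(version_key 1.9.5p1)" ]; }
}

# Method 2: classify the first line that `sudoedit -s /` prints.
classify_sudoedit() {
  case "$1" in
    sudoedit:*) echo vulnerable ;;
    usage:*)    echo patched ;;
    *)          echo unknown ;;
  esac
}

# Run both checks on this host (skipped when sudo is not installed).
if command -v sudo >/dev/null 2>&1; then
  ver=$(sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p')
  if [ -n "$ver" ] && version_affected "$ver"; then
    echo "method 1: sudo $ver is in an affected range (backported fixes keep old version strings; trust method 2)"
  else
    echo "method 1: sudo $ver is outside the affected ranges"
  fi
  if [ "$(id -u)" -ne 0 ]; then
    first=$(sudoedit -s / </dev/null 2>&1 | head -n 1)
    echo "method 2: $(classify_sudoedit "$first")"
  else
    echo "method 2: rerun this script as a non-root user"
  fi
fi
```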

Solution

Update sudo to version 1.9.5p2 or later.

References

Announcing party

Alibaba Cloud Computing Co., Ltd.