Sudo security issue – CVE-2021-3156
According to CVE there is a major bug found in sudo. Yes, that command we use to elevate rights on Linux systems. CVE states that “Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character’. Even if this issue was exposed a while ago there are stil many servers that need to be patched.
How to check
Bellow we have a Ubuntu 20.04 server and the commands necesarry to check if our system is vulnerable. This can be applied to any Linux system.
To check sudo version:
user@server:~$ sudo -V Sudo version 1.8.21p2 Sudoers policy plugin version 1.8.21p2 Sudoers file grammar version 46 Sudoers I/O plugin version 1.8.21p2
The vulnerable version will have the following or similar output to the command “sudoedit -s /” :
user@server:~$ sudoedit -s / sudoedit: /: not a regular file
If the system is patched the output is:
user@server:~$ sudoedit -s / usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
Qualys, the security company who discovered the bug, states that macOS, AIX and Solaris are also affected by this heap overflow vulnerability in sudo. The proof of concept can be found in this video.
How to fix it
To patch sudo with the lastest version, go to Sudo download page and get the lastest version, you can find the steps bellow. At the time of the post the latest version is sudo-1.9.6p1.
wget https://www.sudo.ws/dist/sudo-1.9.6p1.tar.gz tar xzvf sudo-1.9.6p1.tar.gz cd sudo-1.9.6p1 ./configure make && sudo make install
The easy way is to run sudo apt upgrade or sudo yum upgrade, this will patch the issue but may not upgrade to the latest version.
This vulnerability is a big issue and the patch must be applied as soon as possible in order to close the breach existent in a Linux system.