CVE-2021-3156-Heap-based buffer overflow in Sudo

DESCRIPTION
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character:

IMPACT
A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user’s password). Successful exploitation of this flaw could lead to privilege escalation.

SYSTEM AFFECTED
The heap-based buffer overflow flaw is present in sudo legacy versions (1.8.2 to 1.8.31p2) and all stable versions (1.9.0 to 1.9.5p1) in their default configuration.

RECOMMENDATIONS
The bug has been fixed in sudo 1.9.5p2.
https://www.sudo.ws/stable.html#1.9.5p2

REFERENCES
https://www.sudo.ws/stable.html#1.9.5p2
https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

Share