
Mageia 7: 2021-0056 Critical: Sudo Heap Overflow Privilege Escalation

January 26, 2021
MGASA-2021-0056 covers CVE-2021-3156, a significant buffer overflow vulnerability in the sudo command that allows local users to escalate their privileges without needing authentication.

Summary

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug (CVE-2021-3156).

References

- https://bugs.mageia.org/show_bug.cgi?id=28230

- https://www.cve.org/CVERecord?id=CVE-2021-3156

Resolution

SRPMS

- 7/core/sudo-1.9.5p2-1.mga7
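
A version-level check of a host against the fixed package listed above, as an added example that is not part of the Mageia advisory. The function names are hypothetical; the comparison ignores the RPM release field and applies only where the fix arrives as this version bump, as on Mageia 7 (distributions that backport the patch keep older version numbers).

```shell
#!/bin/sh
# Added example (not from the advisory): version-level check against the fix.
FIXED_VERSION="1.9.5p2"   # version part of sudo-1.9.5p2-1.mga7 (Resolution)

# Print "major minor micro patch" for a sudo version such as 1.9.5p2.
# Assumptions: an RPM release suffix ("-1.mga7") is dropped, and a missing
# pN suffix counts as p0.
sudo_ver_fields() {
    v=${1%%-*}
    case $v in
        *p*) base=${v%%p*}; patch=${v##*p} ;;
        *)   base=$v; patch=0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} ${patch:-0}"
}

# Succeed (status 0) when version $1 is older than version $2.
sudo_ver_lt() {
    set -- $(sudo_ver_fields "$1") $(sudo_ver_fields "$2")
    n=0
    while [ "$n" -lt 4 ]; do
        # $1 and $5 are the same field of each version; shift moves to the next.
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift; n=$((n + 1))
    done
    return 1   # equal versions are not "older"
}

# Print a verdict for one version string.
sudo_verdict() {
    if sudo_ver_lt "$1" "$FIXED_VERSION"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# On an RPM-based host, check the installed package; skipped elsewhere.
if command -v rpm >/dev/null 2>&1 &&
   installed=$(rpm -q --qf '%{VERSION}' sudo 2>/dev/null); then
    echo "sudo $installed: $(sudo_verdict "$installed")"
fi
```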

Severity
critical

Publication date: 27 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0056.html
Type: security
CVE: CVE-2021-3156
