Linux Security
Linux Security
Linux Security

The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)

Date 08 Feb 2021
559
Posted By Brittany Day
Sudo

Like any OS, Linux and Unix OSes require regular patching - but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected. Learn about a new critical rated Linux\Unix vulnerability you can't afford to ignore.

 

Last week (26th January 2021) a new critical rated Linux\Unix vulnerability was made public under CVE-2021-3156. Specifically, the vulnerability is within the ‘sudo’ program, which is an abbreviation of ‘superuser do‘, well that’s how I remember it. Sudo is a powerful and fundamental program found within all Linux and Unix distributions, allowing users to execute programs with the security privileges of another user. A typical use of sudo is where you need to run a program with privilege level (i.e. administrator) access rights.

The sudo ‘heap overflow’ vulnerability was discovered by Qualys researchers, the exploit allows any unprivileged user to gain root level (i.e. administrative) privileges. Qualys has posted a blog and video which explains and demonstrates the exploitation technique, which as exploits go is fairly quick and easy to do. See CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":83.67,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.16,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8.16,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.