Security News > 2021 > January > Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)

A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host.

"This vulnerability is perhaps the most significant sudo vulnerability in recent memory and has been hiding in plain sight for nearly 10 years," said Mehul Revankar, Vice President Product Management and Engineering, Qualys, VMDR, and noted that there are likely to be millions of assets susceptible to it.

"When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy if the command is being run in shell mode," sudo maintainer Todd C. Miller explained.

The bug has been fixed in sudo 1.9.5p2, downloadable from here.

Hacker House co-founder Matthew Hickey discovered that macOS Big Sur comes with sudo and is vulnerable - a fact that has been confirmed by Will Dormann, a vulnerability analyst at the CERT/CC. IBM AIX, a series of proprietary Unix operating systems developed by IBM for some of its computer platforms, is also affected.

Apple has released updates for macOS Big Sur, macOS Catalina and macOS Mojave that fix the sudo flaw.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/BRGtD4I533I/