Security News > 2021 > August > HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
2021-08-30 21:46

Rated high in severity, HPE warns the Sudo flaw could be part of a "Chained attack" where an "Attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges," according to a recent HPE security bulletin.

Sudo is a program used by other platforms that "Allows a system administrator to delegate authority to give certain users the ability to run some commands as root or another user," according to the Sudo license.

At the time the Sudo bug was found, Mehul Revankar, Qualys' VP of Product Management and Engineering, described the Sudo flaw in a research note as, "Perhaps the most significant Sudo vulnerability in recent memory and has been hiding in plain sight for nearly 10 years."

"A vulnerability in the command line parameter parsing code of Sudo could allow an attacker with access to Sudo to execute commands or binaries with root privileges," according to the security bulletin.

Qualys researchers named the Sudo vulnerability "Baron Samedit" and said the bug was introduced into the Sudo code in July 2011.

"The Sudo bug is a heap-based buffer overflow, which lets any local user trick Sudo into running in"shell" mode.


News URL

https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
HPE 172 0 45 78 18 141