CVE-2021-3156: Linux OS Sudo Security Bug

Vendor: VMware

Product: Linux

Component: Sudo

Date: 26th January 2021

Target: IT Managers, SysOps

What's new

Any user with login access to a Linux OS can utilise a Buffer Overflow to gain administrative access to the system using Sudo.

How does this affect me?

If you are running the following version of Sudo then you are affected: -

All legacy versions from 1.8.2 to 1.8.31p2

All stable versions from 1.9.0 to 1.9.5p1

What do I need to do?

As per Qualys's instructions, to test if your system is vulnerable, login as a non-root user and run command: -

 sudoedit -s /

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”

If you are vulnerable update Sudo or your OS.

References

CVE-2021-3156

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

Microsoft 365 Outage on 25 Jan 2023

Notice for Microsoft 365 Outage 25 Jan 2023

Why Managed IT Services are good for your business

The East Midlands is packed with amazing and successful businesses – all of which are different and unique in the way they conduct themselves and achieve their goals. One thing that many of these businesses do have in common is that they choose to use Managed IT Services.

Charity of the Year: Lymphoma Action

This year, Datcom have chosen to raise money for Lymphoma Action and help support people affected by this cancer. The Datcom team have been busy thinking up fresh ideas and this year we’re going big!

In today's business society companies change their IT service provider if they are too expensive, not good enough or just not being provided with the quick efficient service they have been promised. I have found Datcom services prompt and good value, with good advice on making my business more cost-effective, which is why I have used them since 2007.

P Atkins Ltd

CEO
Having an IT team that you can trust is pivotal to any business. Duncan & Toplis have a team of over 400 employees working from a multitude of locations. We have complex systems in place which Datcom confidently manage - allowing us to get on and do our jobs. They work with us to fully understand what our needs are and we feel reassured we’re in good hands

Duncan & Toplis

Deputy Managing Director
Datcom provide IT support and solutions. They deliver a professional and prompt service and are always available to provide assistance and expertise.

EH Thorne

Director
Our experience using Datcom has been excellent. Not only have they provided us with IT and solutions, they have delivered the service in a highly professional and timely fashion.

Business Manager

Mather Jamie Ltd
We’ve outsourced our IT support and solution provision to Datcom for five years now and have found them to be proactive and professional. Their rapid response in getting our employees working from home in the build-up to the COVID-19 lockdown has enabled trouble-free home working.

Reflex Gaming Ltd

Managing Director