All is well now, I do really need to upgrade this little old box of mine to Buster at some point!

As far as I know, other than maybe Ubuntu, Linux distributions have not been affected by this vulnerability. When I ran apt update, a new update was available for sudo. Oops! It looks like I need to update sudo as well. You can also check the version with:

sudo -V | grep -i 'sudo version'

sudo apt update && sudo apt upgrade

At this point, the sudo vulnerability should be patched. Those still on 9 can update their sudo package via the apt package manager. Although this exploit has been patched in Debian 10 Buster. If you happen to find this within your sudoers file, then I highly recommend you remove it for security reasons. Something like this for example:

Defaults env_reset,pwfeedback

This happens when you append a certain option into the sudoers file. exploit the buffer overflow, but we would be forced to overwrite the signoNSIG array with non-zero bytes. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) To be more specific, it only affects version 9 of Debian, code name Stretch.

Description: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. It appears to affect versions of sudo before 1.8.25p1. CVE-2019-18634 was a vulnerability in sudo (<1.8.31) that allowed for a buffer overflow if pwfeedback was enabled.

The vulnerability in question is CVE-2019-18634.
According to the developers over at Debian, it seems there’s a vulnerability in sudo that allows hackers to exploit and gain root access to the system.
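The sudoers check described above can be scripted. This is an added example, not part of the original post: it reads sudoers-style text and reports whether pwfeedback ends up enabled, honoring commented-out lines, `!pwfeedback` negation and scoped Defaults entries. The function names, the sample file contents and the user `alice` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether pwfeedback ends up enabled in sudoers-style text.
# Reads the files given as arguments, or stdin when none are given.
# Files pulled in by #include / #includedir are not followed; pass them explicitly.
# A scoped entry (Defaults:user, Defaults@host, ...) counts the same as a global one.
pwfeedback_state() {
    awk '
        BEGIN { state = "disabled" }
        {
            line = $0
            sub(/#.*/, "", line)                           # drop comments
            if (line !~ /^[ \t]*Defaults/) next            # only Defaults entries matter
            sub(/^[ \t]*Defaults[^ \t]*[ \t]*/, "", line)  # drop keyword and optional scope
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                opt = opts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", opt)           # trim each option
                if (opt == "pwfeedback")  state = "enabled"
                if (opt == "!pwfeedback") state = "disabled"
            }
        }
        END { print state }
    ' "$@"
}

# Constructed sample input, not taken from a real system.
sample_sudoers() {
    cat <<'EOF'
Defaults        env_reset
#Defaults       pwfeedback
Defaults        mail_badpass, !pwfeedback
Defaults:alice  env_reset,pwfeedback
root    ALL=(ALL:ALL) ALL
EOF
}

# Later entries win, so the scoped line for alice turns the option back on.
sample_sudoers | pwfeedback_state
```

On a real system, feed it the actual policy, for example `sudo cat /etc/sudoers /etc/sudoers.d/* | pwfeedback_state`, and remove the option with visudo if it reports enabled.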