Most Linux distributions affected by a sudo(8) bug that allows privilege escalation to root
Announced today was CVE-2021-3156, a/k/a "Baron Samedit", a vulnerability in most default installations of sudo(8) prior to 1.9.5p2 on Linux (legacy releases 1.8.2 through 1.8.31p2 and stable releases 1.9.0 through 1.9.5p1). The faulty code was introduced in July 2011, so the bug has shipped for almost 10 years. Many Linux distributions install sudo(8) as a default package. The bug was discovered by the Qualys team, who reported it to the sudo maintainers about two weeks ago, and patches from the sudo project and the major distributions were released starting today.
The vulnerability results from a heap-based buffer overflow that can be exploited from the command line by any local low-privileged user, including one whose account an attacker has already compromised; the user does not even need to be listed in sudoers. This is where your layers of security matter. Access of all accounts should be scrutinized, particularly low-privileged user and service accounts, since any of them can now be leveraged to escalate privileges to root, to devastating effect. The sudo team released a simple explanation of the vulnerability in its advisory.
What's different about this vulnerability, when compared to CVE-2019-14287 (a/k/a the -1 UID bug, which needed a Runas rule that excluded root) and CVE-2019-18634 (a/k/a the pwfeedback overflow, which needed the non-default pwfeedback option enabled in sudoers), is that it does not require an esoteric or specialized sudo configuration: the basic package installation with its stock /etc/sudoers is all that is required. This is a bad one. Patching should be expedited, and it shouldn't have a huge impact on operations, since the fix does not change sudo's behaviour for legitimate use. Additionally, an audit of the use of low-privileged accounts, and of the access and authorization controls for those accounts, is also in order. Perform this audit to catalog and understand which applications are using low-privileged accounts that may be exposed to external attack and compromise, and therefore to vertical escalation of privileges.
Video - Qualys demonstrates the Baron Samedit exploit
In this video the Qualys team demonstrates exploitation of CVE-2021-3156 with a quick couple of compiles (the exploit and a helper shared library) and a command-line loop that retries the exploit until a root shell is obtained. Essentially, if sudo is installed with its default configuration (/etc/sudoers present), the "sudoedit -s" code path gives any local user a pathway to privilege escalation to root.
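The checks a practitioner wants after the patch advice above and the "sudoedit -s" trigger shown in the video: the shell script below is an added example, not code from the original post, from Qualys, or from the sudo project. It assumes the affected version ranges published with the fix (legacy 1.8.2 through 1.8.31p2, stable 1.9.0 through 1.9.5p1) and the "sudoedit -s /" probe from the Qualys advisory, where a vulnerable build answers with an error beginning "sudoedit:" and a patched build answers with its "usage:" line. The sample output strings are constructed test inputs, and the function names are my own.

```shell
#!/bin/sh
# Added example: offline CVE-2021-3156 checks plus a live "sudoedit -s /" probe.
# Assumed affected ranges: sudo 1.8.2..1.8.31p2 (legacy) and 1.9.0..1.9.5p1
# (stable); the fix shipped in 1.9.5p2. Distributions often backport the fix
# without bumping the upstream version, so the live probe is the authoritative
# check and the version check is only a first pass.

# Turn "1.8.31p2" into a sortable integer:
# major*1000000 + minor*10000 + patch*100 + p-level (missing parts count as 0).
sudo_version_key() {
    ver=$1
    base=${ver%%p*}             # 1.8.31
    plevel=${ver#"$base"}       # p2 or empty
    plevel=${plevel#p}          # 2 or empty
    plevel=${plevel:-0}
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "1.9" has no third component
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + plevel ))
}

# Returns 0 (true) when the given version string falls in an affected range.
sudo_version_affected() {
    k=$(sudo_version_key "$1")
    if [ "$k" -ge "$(sudo_version_key 1.8.2)" ] && [ "$k" -le "$(sudo_version_key 1.8.31p2)" ]; then
        return 0
    fi
    if [ "$k" -ge "$(sudo_version_key 1.9.0)" ] && [ "$k" -le "$(sudo_version_key 1.9.5p1)" ]; then
        return 0
    fi
    return 1
}

# Classify the combined output of "sudoedit -s /" (Qualys advisory probe):
# vulnerable builds report an error about "/" (prefix "sudoedit:"), patched
# builds reject the option combination and print usage (prefix "usage:").
classify_sudoedit_output() {
    case $1 in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# Live probe. "/" is a directory, so even a vulnerable sudoedit refuses to edit
# it; only the error message differs. stdin is closed so nothing can hang.
probe_live_sudoedit() {
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    out=$(sudoedit -s / 2>&1 </dev/null)
    classify_sudoedit_output "$out"
}

# Stand-alone use: "sh check_sudo.sh --run" as an unprivileged user.
if [ "${1:-}" = "--run" ]; then
    installed=$(sudo -V 2>/dev/null | sed -n 's/^Sudo version //p')
    if [ -n "$installed" ]; then
        if sudo_version_affected "$installed"; then
            echo "version $installed: in an affected range (may still be backport-patched)"
        else
            echo "version $installed: outside the affected ranges"
        fi
    fi
    echo "live probe (sudoedit -s /): $(probe_live_sudoedit)"
fi
```

Run it as an ordinary user, not root, since the point is what an unprivileged account can reach. Trust the live probe over the version string: a host whose sudo -V reports an "affected" version may already carry a distribution backport, and the probe reflects the code that is actually installed.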
Stay safe: scan, patch, repeat.