CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.5%
Severity: Critical
Date : 2021-01-20
CVE-ID : CVE-2021-3156 CVE-2021-23239
Package : sudo
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1431
The package sudo before version 1.9.5.p2-1 is vulnerable to multiple
issues including privilege escalation and information disclosure.
Upgrade to 1.9.5.p2-1.
The problems have been fixed upstream in version 1.9.5.p2.
None.
A serious heap-based buffer overflow has been discovered in sudo before
version 1.9.5p2 that is exploitable by any local user. It has been
given the name Baron Samedit by its discoverer. The bug can be
leveraged to elevate privileges to root, even if the user is not listed
in the sudoers file. User authentication is not required to exploit the
bug.
A security issue was found in sudo before version 1.9.5. A race
condition in sudoedit could have allowed an attacker to test for the
existence of directories in arbitrary locations in the file system.
Any unprivileged user can escalate privileges, and a local attacker
could figure out file locations through a race condition.
https://www.openwall.com/lists/oss-security/2021/01/11/2
https://www.sudo.ws/alerts/unescape_overflow.html
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/repos/sudo/rev/9b97f1787804
https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
https://www.sudo.ws/repos/sudo/rev/049ad90590be
https://www.sudo.ws/repos/sudo/rev/09f98816fc89
https://www.sudo.ws/repos/sudo/rev/c125fbe68783
https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
https://security.archlinux.org/CVE-2021-3156
https://security.archlinux.org/CVE-2021-23239
blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
security.archlinux.org/AVG-1431
security.archlinux.org/CVE-2021-23239
security.archlinux.org/CVE-2021-3156
www.openwall.com/lists/oss-security/2021/01/11/2
www.openwall.com/lists/oss-security/2021/01/26/3
www.sudo.ws/alerts/unescape_overflow.html
www.sudo.ws/repos/sudo/rev/049ad90590be
www.sudo.ws/repos/sudo/rev/09f98816fc89
www.sudo.ws/repos/sudo/rev/9b97f1787804
www.sudo.ws/repos/sudo/rev/a97dc92eae6b
www.sudo.ws/repos/sudo/rev/c125fbe68783
www.sudo.ws/repos/sudo/rev/ea19d0073c02
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.5%