[ASA-202101-25] sudo: multiple issues

2021-01-20 00:00:00
security.archlinux.org

CVSS3: 7.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.971 High
  Percentile: 99.8%

Arch Linux Security Advisory ASA-202101-25

Severity: Critical
Date    : 2021-01-20
CVE-ID  : CVE-2021-3156 CVE-2021-23239
Package : sudo
Type    : multiple issues
Remote  : No
Link    : https://security.archlinux.org/AVG-1431

Summary

The package sudo before version 1.9.5.p2-1 is vulnerable to multiple
issues including privilege escalation and information disclosure.

Resolution

Upgrade to 1.9.5.p2-1.

pacman -Syu "sudo>=1.9.5.p2-1"

The problems have been fixed upstream in version 1.9.5.p2.
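
A fleet check against the fixed version above, as an added example that is not part of the advisory. The comparison is modelled on the segment ordering of pacman's vercmp (treat exact parity as an assumption and use vercmp itself on an Arch host); the host names and installed versions in SAMPLE are constructed.

```python
FIXED = "1.9.5.p2-1"  # fixed package version given in this advisory
# Constructed inventory: host -> installed sudo package version (not real hosts).
SAMPLE = {"web01": "1.9.4.p2-2", "db01": "1.9.5.p1-1", "ci01": "1.9.5.p2-1"}

def _parse(full):
    """Split '[epoch:]pkgver[-pkgrel]'; epoch defaults to '0', pkgrel to None."""
    epoch, sep, rest = full.partition(":")
    if not (sep and epoch.isdigit()):
        epoch, rest = "0", full
    ver, sep, rel = rest.rpartition("-")
    return (epoch, ver, rel) if sep else (epoch, rest, None)

def _cmp(a, b):
    """Compare digit runs numerically and letter runs lexically, left to right."""
    i = j = 0
    while i < len(a) and j < len(b):
        si, sj = i, j
        while i < len(a) and not a[i].isalnum(): i += 1
        while j < len(b) and not b[j].isalnum(): j += 1
        if i == len(a) or j == len(b):
            break
        if i - si != j - sj:                      # separator runs differ
            return -1 if i - si < j - sj else 1
        kind = str.isdigit if a[i].isdigit() else str.isalpha
        ei, ej = i, j
        while ei < len(a) and kind(a[ei]): ei += 1
        while ej < len(b) and kind(b[ej]): ej += 1
        if ej == j:                               # digit run beats letter run
            return 1 if kind is str.isdigit else -1
        key = int if kind is str.isdigit else str
        x, y = key(a[i:ei]), key(b[j:ej])
        if x != y:
            return -1 if x < y else 1
        i, j = ei, ej
    ra, rb = a[i:], b[j:]
    if not ra and not rb:
        return 0
    # A leftover that starts with a letter makes its side older; else newer.
    older = (not ra and not rb[0].isalpha()) or (ra and ra[0].isalpha())
    return -1 if older else 1

def vercmp(a, b):
    """Return <0, 0 or >0; pkgrel is compared only when both sides carry one."""
    (ea, va, ra), (eb, vb, rb) = _parse(a), _parse(b)
    rc = _cmp(ea, eb) or _cmp(va, vb)
    return rc or (_cmp(ra, rb) if ra is not None and rb is not None else 0)

def affected_hosts(inventory):
    """Hosts whose installed sudo package sorts older than FIXED."""
    return sorted(h for h, v in inventory.items() if vercmp(v, FIXED) < 0)
```

Feed it package versions as pacman reports them: under this ordering a string written without the dot, such as 1.9.5p2, sorts below 1.9.5 and would be flagged.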

Workaround

None.

Description

  • CVE-2021-3156 (privilege escalation)

A serious heap-based buffer overflow has been discovered in sudo before
version 1.9.5p2 that is exploitable by any local user. It has been
given the name Baron Samedit by its discoverer. The bug can be
leveraged to elevate privileges to root, even if the user is not listed
in the sudoers file. User authentication is not required to exploit the
bug.

  • CVE-2021-23239 (information disclosure)

A security issue was found in sudo before version 1.9.5. A race
condition in sudoedit could have allowed an attacker to test for the
existence of directories in arbitrary locations in the file system.

Impact

Any unprivileged user can escalate privileges, and a local attacker
could figure out file locations through a race condition.

References

https://www.openwall.com/lists/oss-security/2021/01/11/2
https://www.sudo.ws/alerts/unescape_overflow.html
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/repos/sudo/rev/9b97f1787804
https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
https://www.sudo.ws/repos/sudo/rev/049ad90590be
https://www.sudo.ws/repos/sudo/rev/09f98816fc89
https://www.sudo.ws/repos/sudo/rev/c125fbe68783
https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
https://security.archlinux.org/CVE-2021-3156
https://security.archlinux.org/CVE-2021-23239

OS         Version  Architecture  Package  Version       Filename
ArchLinux  any      any           sudo     < 1.9.5.p2-1  UNKNOWN
