Lucene search

PRIOn knowledge basePRION:CVE-2021-3156

HistoryJan 26, 2021 - 9:15 p.m.

Heap overflow

2021-01-2621:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.

CPENameOperatorVersion
privilege_management_for_maclt21.1.1
privilege_management_for_unix\\/linuxeq< 10.3.2-10
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq32
fedoraeq33
web_gatewayeq8.2.17
web_gatewayeq9.2.8
web_gatewayeq10.0.4
communications_performance_intelligence_centerge10.4.0.1.0

Name	Operator	Version
privilege_management_for_mac	lt	21.1.1
privilege_management_for_unix\\/linux	eq	< 10.3.2-10
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	32
fedora	eq	33
web_gateway	eq	8.2.17
web_gateway	eq	9.2.8
web_gateway	eq	10.0.4
communications_performance_intelligence_center	ge	10.4.0.1.0

Rows per page:

1-10 of 301

References

packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html

packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html

packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html

packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html

packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

seclists.org/fulldisclosure/2021/Feb/42

seclists.org/fulldisclosure/2021/Jan/79

seclists.org/fulldisclosure/2024/Feb/3

www.openwall.com/lists/oss-security/2021/01/26/3

www.openwall.com/lists/oss-security/2021/01/27/1

www.openwall.com/lists/oss-security/2021/01/27/2

www.openwall.com/lists/oss-security/2021/02/15/1

www.openwall.com/lists/oss-security/2021/09/14/2

www.openwall.com/lists/oss-security/2024/01/30/6

www.openwall.com/lists/oss-security/2024/01/30/8

kc.mcafee.com/corporate/index?page=content&id=SB10348

lists.debian.org/debian-lts-announce/2021/01/msg00022.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/

security.gentoo.org/glsa/202101-33

security.netapp.com/advisory/ntap-20210128-0001/

security.netapp.com/advisory/ntap-20210128-0002/

support.apple.com/kb/HT212177

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability

www.debian.org/security/2021/dsa-4839

www.kb.cert.org/vuls/id/794544

www.openwall.com/lists/oss-security/2021/01/26/3

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpuoct2021.html

www.sudo.ws/stable.html

www.synology.com/security/advisory/Synology_SA_21_02