New Linux sudo vulnerability allows local users to gain root privileges

A newly disclosed sudo vulnerability allows any local user to gain root privileges on Unix-like operating systems without authenticating.

Sudo is a Unix program that lets system administrators delegate limited root privileges to the ordinary users listed in the sudoers file, while logging what those users do. Sudo follows the principle of least privilege: it grants a user only the privileges needed to complete a task, without compromising the security of the system as a whole.

On a Unix-like system, an ordinary user can use the sudo ("superuser do") command to run a command as the superuser, provided the sudoers policy allows it (by default sudo asks for the invoking user's own password, not root's). root is the system's superuser, a special administrative account.

Root privileges for any local user

Qualys security researchers discovered the sudo privilege-escalation vulnerability, which is tracked as CVE-2021-3156. According to Qualys, the flaw is a heap-based buffer overflow that any local user (an ordinary or a system account, whether or not it is listed in the sudoers file) can trigger, and the attacker does not need to know the user's password to exploit it.

The bug is in how sudo handles backslashes in command arguments. When a command is run through a shell (sudo -s or sudo -i), the sudo front end escapes special characters with a backslash, and the sudoers policy plugin later removes those escapes before matching and logging the command. When the same shell mode is requested through sudoedit -s or sudoedit -i, the front end does not escape the arguments, but the plugin still un-escapes them. An argument that ends in a single backslash therefore makes the un-escape loop copy the string terminator and keep reading into the memory that follows the argument, overflowing the heap buffer that holds the joined arguments. That overflow is what lets any local user gain root.
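To make the mechanism concrete, here is an added example that models the un-escape loop described above. It is not sudo's source code (the real loop lives in set_cmnd() in the sudoers plugin); it reproduces the shape of the bug so the out-of-bounds copy can be measured in a harness without corrupting memory. The byte layout and the fake environment string are constructed for the demo.

```c
/*
 * Added example, not sudo's source code: a model of the argument un-escape
 * loop in the sudoers plugin (set_cmnd()) that CVE-2021-3156 abuses. It is
 * written so the out-of-bounds copy can be measured in a harness without
 * corrupting memory; the byte layout below is constructed for the demo.
 */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* sudo sizes the heap buffer for the joined arguments as sum(strlen(arg) + 1). */
size_t user_args_size(int argc, char **argv)
{
    size_t size = 0;
    for (int i = 0; i < argc; i++)
        size += strlen(argv[i]) + 1;
    return size;
}

/*
 * The un-escape loop. With fixed == 0 it behaves like sudo before 1.9.5p2:
 * a backslash always skips one character, even the terminating NUL.
 * With fixed == 1 it applies the 1.9.5p2 check (from[1] != '\0').
 * Returns how many bytes the loop tries to write; 'cap' bounds the actual
 * writes so the demo stays memory-safe (real sudo wrote straight into a
 * malloc'd block of exactly user_args_size() bytes, with no such cap).
 */
size_t unescape_args(int argc, char **argv, char *to, size_t cap, int fixed)
{
    size_t n = 0;
    for (int i = 0; i < argc; i++) {
        const char *from = argv[i];
        while (*from) {
            if (from[0] == '\\' && !isspace((unsigned char)from[1])) {
                if (!fixed || from[1] != '\0')
                    from++;                /* drop the backslash, copy next byte */
            }
            /* Vulnerable case, argument ending in '\': the "next byte" is the
             * NUL itself, so it is copied and 'from' steps past the end of
             * argv[i] into whatever string follows it in memory. */
            if (n < cap)
                to[n] = *from;
            n++;
            from++;
        }
        if (n < cap)
            to[n] = ' ';                   /* separator between arguments */
        n++;
    }
    if (n > 0 && n - 1 < cap)
        to[n - 1] = '\0';                  /* trailing space becomes terminator */
    return n;
}

/*
 * Constructed layout mimicking how argv strings sit back to back on the stack,
 * followed by the environment: a single argument consisting of one backslash,
 * then a fake environment string (sample data made up for this demo).
 */
static char process_strings[] = "\\\0LANG=en_US.UTF-8\0";

/* Bytes the loop writes beyond the buffer sudo would have allocated. */
size_t overflow_bytes(int fixed)
{
    char *argv[] = { process_strings, NULL };           /* argv[0] == "\\" */
    char scratch[64];                                    /* oversized on purpose */
    size_t size = user_args_size(1, argv);              /* sudo: malloc(2) */
    size_t written = unescape_args(1, argv, scratch, sizeof scratch, fixed);
    return written > size ? written - size : 0;
}

int main(void)
{
    printf("pre-1.9.5p2 loop: %zu byte(s) written past the buffer\n", overflow_bytes(0));
    printf("1.9.5p2 loop:     %zu byte(s) written past the buffer\n", overflow_bytes(1));
    return 0;
}
```

The bytes that spill past the buffer come from whatever strings follow the arguments in memory; in a real process those are the environment variables, which the attacker controls, and that is what makes the overflow exploitable rather than merely a crash. The 1.9.5p2 release also stopped sudoedit from entering shell mode at all, so on a patched system this loop is not reached for sudoedit -s in the first place.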

Using this bug, Qualys researchers obtained full root privileges on several Linux distributions, reproducing CVE-2021-3156 on Debian 10 (sudo 1.8.27), Ubuntu 20.04 (sudo 1.8.31) and Fedora 33 (sudo 1.9.2). According to Qualys, other operating systems and distributions that ship sudo are likely to be affected as well.

The vulnerability was fixed before it was made public

The vulnerability was introduced into sudo in July 2011 and went unnoticed for nearly ten years. In the default configuration it affects all stable versions from 1.9.0 to 1.9.5p1 and all legacy versions from 1.8.2 to 1.8.31p2.

Qualys reported the vulnerability to the sudo maintainers on January 13, and today (January 26, 2021) the sudo developers released sudo 1.9.5p2, which fixes it. To prevent the bug from being abused, Qualys withheld its findings until the fix was available.

To check whether a system is affected, log in as a non-root user and run "sudoedit -s /". A vulnerable system responds with an error beginning with "sudoedit:", while a patched system responds with an error beginning with "usage:".
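The following added example turns the two pieces of information above, the affected version ranges and the "sudoedit -s /" probe, into code an administrator could drop into an inventory tool. It is not code from sudo or Qualys. The version strings and probe lines in main() are constructed samples; on a real host you would feed in the first line of "sudo -V" and the first line of "sudoedit -s / 2>&1". Note the caveat built into the version check: distributions frequently backport the fix without changing the upstream version string, so the probe, not the version number, is the authoritative test.

```c
/*
 * Added example, not code from sudo or Qualys: the two checks an administrator
 * can script from the advisory, (1) whether an installed sudo version falls in
 * the affected ranges and (2) how to read the result of the "sudoedit -s /"
 * probe. The sample inputs in main() are constructed.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sudo_version { int major, minor, patch, plevel; };

/* Parses "1.8.31p2" -> {1,8,31,2} and "1.9.5" -> {1,9,5,0}. Returns 1 on success. */
int parse_sudo_version(const char *s, struct sudo_version *v)
{
    char *end;
    int *fields[] = { &v->major, &v->minor, &v->patch };
    v->major = v->minor = v->patch = v->plevel = 0;
    for (int i = 0; i < 3; i++) {
        *fields[i] = (int)strtol(s, &end, 10);
        if (end == s)
            return 0;
        if (i < 2) {
            if (*end != '.')
                return 0;
            s = end + 1;
        }
    }
    if (*end == 'p') {                     /* optional patch level, e.g. p2 */
        s = end + 1;
        v->plevel = (int)strtol(s, &end, 10);
        if (end == s)
            return 0;
    }
    return *end == '\0' || *end == '\n' || *end == ' ';
}

static int cmp_version(const struct sudo_version *a, const struct sudo_version *b)
{
    if (a->major != b->major) return a->major - b->major;
    if (a->minor != b->minor) return a->minor - b->minor;
    if (a->patch != b->patch) return a->patch - b->patch;
    return a->plevel - b->plevel;
}

/*
 * 1 if the version is in an affected range from the advisory
 * (legacy 1.8.2 .. 1.8.31p2, stable 1.9.0 .. 1.9.5p1), 0 if not, -1 if unparsable.
 * Caveat: distributions often backport the fix without changing the upstream
 * version string, so 1 means "check further with the probe", not "exploitable".
 */
int sudo_version_affected(const char *s)
{
    static const struct sudo_version lo18 = {1, 8, 2, 0}, hi18 = {1, 8, 31, 2};
    static const struct sudo_version lo19 = {1, 9, 0, 0}, hi19 = {1, 9, 5, 1};
    struct sudo_version v;
    if (!parse_sudo_version(s, &v))
        return -1;
    if (cmp_version(&v, &lo18) >= 0 && cmp_version(&v, &hi18) <= 0) return 1;
    if (cmp_version(&v, &lo19) >= 0 && cmp_version(&v, &hi19) <= 0) return 1;
    return 0;
}

/* Same check on the first line printed by "sudo -V", e.g. "Sudo version 1.8.31". */
int sudo_V_line_affected(const char *line)
{
    static const char prefix[] = "Sudo version ";
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;
    return sudo_version_affected(line + sizeof prefix - 1);
}

/*
 * Interpret the first line of stderr from "sudoedit -s /" run as a non-root
 * user: 1 = vulnerable ("sudoedit: ..."), 0 = patched ("usage: ..."),
 * -1 = something else, inspect by hand. This probe is the authoritative test.
 */
int probe_output_vulnerable(const char *line)
{
    if (strncmp(line, "sudoedit:", 9) == 0) return 1;
    if (strncmp(line, "usage:", 6) == 0) return 0;
    return -1;
}

int main(void)
{
    /* Constructed samples; on a real host feed in `sudo -V | head -1` and the
     * first line of `sudoedit -s / 2>&1`. */
    const char *versions[] = { "Sudo version 1.8.27", "Sudo version 1.9.5p1",
                               "Sudo version 1.9.5p2", "Sudo version 1.8.1" };
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++)
        printf("%-24s affected=%d\n", versions[i], sudo_V_line_affected(versions[i]));
    printf("probe \"sudoedit: /: not a regular file\" -> %d\n",
           probe_output_vulnerable("sudoedit: /: not a regular file"));
    printf("probe \"usage: sudoedit ...\" -> %d\n",
           probe_output_vulnerable("usage: sudoedit [-AknS] [-r role] ..."));
    return 0;
}
```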

System administrators who use sudo to delegate root privileges to other users should upgrade to sudo 1.9.5p2 or later, or install their distribution's patched package, as soon as possible.

For more details, see the technical advisory released by Qualys.

Source: www.oschina.net/news/128098/new-linux-sudo-flaw-lets-local-users-gain-root-privileges