silversurfer

Level 79
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
6,767
A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.

The Sudo privilege escalation vulnerability tracked as CVE-2021-3156 (aka Baron Samedit) was discovered by security researchers from Qualys, who disclosed it on January 13th and made sure that patches are available before going public with their findings.

According to Qualys researchers, the issue is a heap-based buffer overflow exploitable by any local user (normal users and system users, listed in the sudoers file or not), with attackers not being required to know the user's password to successfully exploit the flaw.
The buffer overflow allowing any local user to obtain root privileges is triggered by Sudo incorrectly unescaping backslashes in the arguments.

"Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i)," the 1.9.5p2 changelog reads.
"However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible."
 
Top