Menu
sudo before v1.9.5p2 has a Heap-based buffer overflow, allowing privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character.
I'm wondering if it is enough to run:
sudo apt update
on a Ubuntu server to fix CVE-2021-3156?
I've been doing some reading but I haven't found any concrete answer, I guess because it is a very recent issue.
Thanks you!
988
You need to update APT's package list and then install the upgrade:
sudo apt-get update
sudo apt-get --only-upgrade install sudo
Whether your system is vulnerable or not can be checked before and after a potential fix.
Just type into a non-root shell:
$ sudoedit -s /
Doing this before updating, if you get a response starting with sudoedit like:
sudoedit: /: not a regular file
your system is vulnerable and you are doing good to update sudo as advised by @Travis Warlick.
If you get a response, which should be the case after updating or you have a recent (1.9.5p2 or higher) or old enough (prior to 1.8.2) version already, like:
usage: sudoedit [-AknS] [-r role] ...
your system is not (anymore) vulnerable in relation to CVE-2021-3156.
Affected sudo versions from stock are:
1.8.2 to 1.8.31p21.9.0 to 1.9.5p1Version 1.9.5p2 is save.
To check your version: $ sudo --version
Grabbed those informations from here.
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
