-0.7 C
New York
Saturday, March 6, 2021

Elon Musk wants to create a city of his own

It will be called "Starbase" and it will be in Texas, and this time it is not just a dream.Elon Musk now wants to build...
More

    Critical sudo vulnerability grants local attackers root rights

    Using the ten-year-old vulnerability CVE-2021-3156, local attackers can gain root rights via sudo without sudo permissions. There are Linux and BSD updates.

    On Unix-like operating systems, the sudo command enables certain commands to be executed with the rights of another user, for example those of the superuser root. Now employees of the IT security company Qualys have found a security hole in sudo that could be exploited by any local attacker to gain root privileges without authentication. According to Qualys, no sudo permissions are required for this.

    CT Forcast: Crypto Price Analysis

    Do you know Bitcoin Price May Fall Ahead Of Chinese New Year says analyst yes, its true but this technical indicator can give you laser sharp entry points to invest money in cryptocurrency consistently.

    The vulnerability, also known as “Baron Samedit” by Qualys, has been assigned ID CVE-2021-3156. An article on the Red Hat Customer Portal called the CVSS score 7.0 (“High”); the Arch Linux developers, in turn, rate the gap as critical. According to Qualys, the security problem has existed since July 2011 and affects older sudo versions from 1.8.2 to 1.8.31p2 and current versions from 1.9.0 to 1.9.5p1 – each in the standard configuration . In practice this means that all current versions of Linux distributions and BSDs that use sudo should be affected. Several distributions have provided updated packages that users should install as soon as possible.sudo 1.9.5p2 is secured .

    CVE-2021-3156 is based on errors parsing sudo command inputs that can cause a heap-based buffer overflow. The exploit is described as being based on entering the command “sudoedit -s” followed by a special command-line argument ending in a single backslash. In tests on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), the research team obtained root rights in each case.

    Qualys has published both a detailed description of the exploit and a video demonstrating the attack.

    Linux and BSD users should keep an eye out for security advisories related to CVE-2021-3156 as well as new sudo packages. Current information from various distributions can be found here:

    Latest Posts

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.