Sudo Privilege Escalation Vulnerability Discovered

The Exploit: Penetration Testing Insights From The Frontlines
Posted on January 27, 2021

Written by Raxis Research Team

Summary

Qualys recently discovered a heap-based buffer overflow in the sudo utility, which is in use on almost all Unix-based operating systems.* This vulnerability (CVE-2021-3156) can be exploited by any user, even one who is not in the sudoers file, and has been present since it was introduced in July 2011.

Affected Versions

Any operating system using one of the following sudo versions is vulnerable:

  • All legacy versions from 1.8.2 to 1.8.31p2
  • All stable versions from 1.9.0 to 1.9.5p1

This includes most major operating systems such as Ubuntu, RHEL, Debian, Fedora, etc. that have these versions of sudo installed. Qualys was able to develop exploits specifically for Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), but any operating system using the vulnerable versions of sudo should be considered vulnerable.

Testing for the Vulnerability

In addition to checking the sudo version, Qualys provided a simple way to test if a system is vulnerable or not. To test on an individual system, perform the following steps:

  1. Log in to the system as a non-root user.
  2. Run the command sudoedit -s /
  3. If the system is vulnerable, it will respond with an error that starts with sudoedit:
  4. If the system is patched, it will respond with an error that starts with usage:
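
The two checks above, combined into one verdict as an added example (not Raxis or Qualys code); the function names and the --live switch are assumptions made here. The sudoedit response takes precedence over the version, because a vendor can backport the fix without changing the version string that sudo reports.

```sh
#!/bin/sh
# Added example (not Raxis or Qualys code): combine the affected version ranges
# and the "sudoedit -s /" response into one verdict for CVE-2021-3156.

# Map "1.8.31p2" to a sortable integer: "1", then major, minor, patch and
# p-level as three digits each. awk reads "08" as decimal 8, not octal.
ver_key() {
    printf '%s\n' "$1" | awk '{ split($0, h, "p"); split(h[1], d, ".")
        printf "1%03d%03d%03d%03d\n", d[1], d[2], d[3], h[2] }'
}

# Is the reported version inside 1.8.2-1.8.31p2 or 1.9.0-1.9.5p1?
version_status() {
    # Betas, release candidates and empty strings cannot be ranked reliably.
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$' ||
        { echo unknown; return 0; }
    k=$(ver_key "$1")
    if { [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; }; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Classify the first line printed by "sudoedit -s /".
probe_status() {
    case $1 in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo inconclusive ;;
    esac
}

# The behavioural test decides; the version is the fallback, because a vendor
# can backport the fix without changing the version string sudo reports.
assess() {
    v=$(version_status "$1"); p=$(probe_status "$2")
    if [ "$p" != inconclusive ]; then echo "$p"
    elif [ "$v" = in-range ]; then echo treat-as-vulnerable
    else echo "$v"; fi
}

# Run against the local host only when asked: sh check.sh --live (as a non-root user).
if [ "${1:-}" = --live ]; then
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    out=$(sudoedit -s / 2>&1 | head -n 1)
    echo "sudo ${ver:-?}: $(assess "$ver" "$out")"
fi
```

Without --live the script only defines the functions, so assess can also be fed a version string and a captured response line collected from other hosts.
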

Remediation

Raxis recommends patching any affected operating system using the vulnerable sudo versions. A list of advisories with links to patches that remediate the vulnerability from various operating system vendors is below:

* https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
