ID

VAR-202101-1926

CVE

CVE-2021-3156

TITLE

sudo  Heap-based buffer overflow vulnerability in

DESCRIPTION

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. sudo has a heap-based buffer overflow due to the implementation of escaping special characters set in command arguments (CWE-122) Vulnerability exists. 2021 Year 2 Moon 5 As of the date macOS , AIX , Solaris It has been reported that it may also be affected by the virus, but it has not been confirmed by the finder. note that, 2021 Year 2 Moon 9 On the day Apple has released a security update to address this issue.A local third party can elevate privileges and execute commands with administrator privileges. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install. With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967) 4. Bugs fixed (https://bugzilla.redhat.com/): 1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: sudo: Multiple vulnerabilities Date: January 26, 2021 Bugs: #764986, #767364 ID: 202101-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/sudo < 1.9.5_p2 >= 1.9.5_p2 Description ========== Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact ===== Local users are able to gain unauthorized privileges on the system or determine the existence of files. Workaround ========= There is no known workaround at this time. Resolution ========= All sudo users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.5_p2" References ========= [ 1 ] CVE-2021-23239 https://nvd.nist.gov/vuln/detail/CVE-2021-23239 [ 2 ] CVE-2021-23240 https://nvd.nist.gov/vuln/detail/CVE-2021-23240 [ 3 ] CVE-2021-3156 https://nvd.nist.gov/vuln/detail/CVE-2021-3156 [ 4 ] Upstream advisory (CVE-2020-23240) https://www.sudo.ws/alerts/sudoedit_selinux.html [ 5 ] Upstream advisory (CVE-2021-3156) https://www.sudo.ws/alerts/unescape_overflow.html Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-33 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Bug Fix(es): * When performing an upgrade of the Red Hat Virtualization Host using the command `yum update`, the yum repository for RHV 4.3 EUS is unreachable As a workaround, run the following command: `# yum update --releasever=7Server` (BZ#1899378) 4. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ========================================================================== Ubuntu Security Notice USN-4705-1 January 26, 2021 sudo vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Sudo. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: sudo 1.9.1-1ubuntu1.1 sudo-ldap 1.9.1-1ubuntu1.1 Ubuntu 20.04 LTS: sudo 1.8.31-1ubuntu1.2 sudo-ldap 1.8.31-1ubuntu1.2 Ubuntu 18.04 LTS: sudo 1.8.21p2-3ubuntu1.4 sudo-ldap 1.8.21p2-3ubuntu1.4 Ubuntu 16.04 LTS: sudo 1.8.16-0ubuntu1.10 sudo-ldap 1.8.16-0ubuntu1.10 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0224-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0224 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: sudo-1.8.19p2-12.el7_4.2.src.rpm x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: sudo-1.8.19p2-12.el7_4.2.src.rpm ppc64le: sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: sudo-1.8.19p2-12.el7_4.2.src.rpm x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n 93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8 zGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0 ax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u sS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U WTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn PNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN Pa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP qsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE zXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2 aM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT /eC3svyPRxA=fsAW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x 3. 8) - aarch64, ppc64le, s390x, x86_64 3. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation. For the stable distribution (buster), this problem has been fixed in version 1.8.27-1+deb10u3. We recommend that you upgrade your sudo packages. For the detailed security status of sudo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sudo Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQWctfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qr2w/5AfAZMSbKestTzvm22w+T5yReGOd2jYXO2SzdqdkIzOVXJ83RrbogkiyK d1ie47Csw51M8L5eT/kf48vkABPqT9S0dlRI7rQ2xbIDWIUcDpnFNCSclSGjI+Sd HqtaQQbR+MdSjGtC8vc8RVEOEQcVvoXrqDPaEniWjA4uTV7Iqj0P3EpH1XolVlZv lw4ZZ+VdDolxhm1QWp/NiMKUlDpv5RLs6jW0oQAKP1RZqMIX44TSEHil/NEs6VeN u5AFUwo5iwYRCUbgi2mB0GxV4CRyb0IN26pGsltYJsReFL1vCMiO9drGMk/WhlqB NGKeF5rLsMKaJCkBEcMntDG1XtFhXuyak2O4atL7H8CwhBZ81Axe+aAynn7IB99B qx3GLfRNSVKHQHBHWEOxqILCS+xWmvL6/uB6xMaAh5CXxhEgs9BIEiPonccmkzQ9 xj6Uw/aWv9ZOUu+Rwmp+bG/V8DKaFKegaQAy0HnhOZ11ruJJB/YicTXSsbxoLSEt hbd0bYAOrZBqcysH8Ed+R2tGxtjoWIDLcv3uUqmttxgd8E5YpGGngaYBleGCnB0s X3JDyd1pvBu7H0vR5k2bVNgm4qQ27jHmeNKRSpvUZv50mRX8NQyv/rrROwkUsVdI 1EnlHYz0E4BUfb15ECWLfN9BM/MyPhkdKadIrrd+zJEwq+KVcHo= =d9gQ -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow, root

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu

SOURCES

LAST UPDATE DATE

2024-11-21T20:08:37.711000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE