❈ CVE-2021-3156: Heap-Based Buffer Overflow in Sudo

Linux Tipps reddit.com

Serious looking vulnerability in sudo

Run command “sudoedit -s /” If the system is vulnerable, it will respond with an error that starts with “sudoedit:” If the system is patched, it will respond with an error that starts with “usage:” 

Arch have released a patch in the last few hours (1.9.5.p2) Running on my system after updating produces sudoedit -s / usage: sudoedit [-AknS] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ... Which looks like it's patched.

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

/edit: just checked on a Ubuntu 18.04 server and it seems to have been patched so I assume later versions are patched also

submitted by /u/NooShoes
[link] [comments]...

Zur Startseite

Kompletten Artikel anzeigen (externe Quelle: https://www.reddit.com/r/linux/comments/l5n12d/cve20213156_heapbased_buffer_overflow_in_sudo/)

➤ Weitere Beiträge von Team Security | IT Sicherheit

The January 2021 Security Update Review

vom 836.19 Punkte ic_school_black_18dp
Welcome to the new year, and welcome to the first Patch Tuesday of 2021. Take a break from your regularly scheduled activities and join us as we review the details for the latest security offerings from Microsoft and Adobe. Adobe Patches for January 2021This month,

USN-3415-1: tcpdump vulnerabilities

vom 637.7 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe

USN-3415-2: tcpdump vulnerabilities

vom 637.7 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump

The February 2021 Security Update Review

vom 623.49 Punkte ic_school_black_18dp
It’s the second Tuesday of the month, and that means the latest security updates from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings. Adobe Patches for

sudo bis 1.8.20 auf Linux TTY get_process_ttyname() erweiterte Rechte

vom 484.9 Punkte ic_school_black_18dp
Eine Schwachstelle wurde in sudo bis 1.8.20 auf Linux entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion get_process_ttyname() der Komponente TTY Handler. Mit der Manipulation mit einer unbekannten Eingabe kann eine erweiterte Rec

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

vom 432.63 Punkte ic_school_black_18dp
Linux Privilege Escalation through SUDO abuse.If you like the tool and for my personal motivation so as to develop other tools please a +1 star *The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :). INTRO**WAR

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

vom 429.1 Punkte ic_school_black_18dp
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI.AbstractTrivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. Trivy detects vulnerabilities of OS packages (A

sudo bis 1.8.18 noexec system() erweiterte Rechte

vom 362.47 Punkte ic_school_black_18dp
In sudo bis 1.8.18 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion system() der Komponente noexec. Durch das Manipulieren mit einer unbekannten Eingabe kann eine erweiterte Rechte-Schwachstelle ausgenutzt werden. CWE definiert da

USN-3131-1: ImageMagick vulnerabilities

vom 355.14 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3131-1 21st November, 2016 imagemagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several sec

USN-3131-1: ImageMagick vulnerabilities

vom 355.14 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3131-1 21st November, 2016 imagemagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several sec

USN-3361-1: Linux kernel (HWE) vulnerabilities

vom 317.04 Punkte ic_school_black_18dp
Ubuntu Security Notice USN-3361-1 21st July, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software descripti

USN-4118-1: Linux kernel (AWS) vulnerabilities

vom 311.78 Punkte ic_school_black_18dp
linux-aws vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-aws - Linux kernel for Amazon Web Services

Team Security Diskussion über CVE-2021-3156: Heap-Based Buffer Overflow in Sudo