Qualys has unveiled a new heap-based buffer overflow vulnerability in the "sudo" program that can be used to gain root access. The bug has been around for almost 10 years!
CVE-2021-3156 - National Vulnerability Database (NVD)
By exploiting this vulnerability, any unprivileged local user can gain unrestricted root privileges on the vulnerable host.
Although the privilege escalation vulnerability, known as Baron Samedit, has already been fixed, it could be exploited on every Linux distribution and on several Unix-like operating systems.
All legacy Sudo versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 are affected in their default configuration.
Qualys researchers were able to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2).
If you want to test whether or not a Linux system is vulnerable, log in as a non-root user and run:
sudoedit -s /
A vulnerable system should respond with an error that begins with:
However, if the system is already patched, it will show an error that starts with usage:
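The shell functions below are an added example, not part of the original article or of the Qualys advisory. They compare a "sudo -V" version string against the affected ranges quoted above and combine the result with the "usage:" behaviour check, which takes precedence because distributions often backport the fix without changing the upstream version number. The function names and the --check-host switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. Affected ranges are the ones
# the article quotes; function names and --check-host are assumptions.

# ver_key VERSION: print a sortable integer, e.g. 1.8.31p2 -> 1083102.
ver_key() {
    [ -n "$1" ] || return 2
    v=$1
    case $v in
        *p*) p=${v##*p}; v=${v%%p*} ;;   # split off the "pN" patch level
        *)   p=0 ;;
    esac
    case "$v.$p" in *[!0-9.]*) return 2 ;; esac   # reject betas, distro suffixes
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + ${p:-0} ))
}

# sudo_version_affected VERSION: 0 = in an affected range, 1 = not, 2 = unparseable.
sudo_version_affected() {
    k=$(ver_key "$1") || return 2
    if [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; then return 0; fi
    if [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; then return 0; fi
    return 1
}

# classify_sudoedit_output LINE: LINE is the first line printed by "sudoedit -s /".
classify_sudoedit_output() {
    case $1 in
        usage:*) echo patched ;;        # behaviour the article gives for fixed builds
        *)       echo unconfirmed ;;
    esac
}

# assess VERSION LINE: the behaviour check wins over the version number.
assess() {
    if [ "$(classify_sudoedit_output "$2")" = patched ]; then echo patched; return 0; fi
    if sudo_version_affected "$1"; then echo likely-vulnerable; else echo review; fi
}

# Run interactively as a non-root user: sh check.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    out=$(sudoedit -s / 2>&1 | head -n 1)
    echo "sudo ${ver:-unknown}: $(assess "$ver" "$out")"
fi
```

A result of "review" means neither signal settled the question (for example an unparseable version string), so the host should be checked against the vendor's package changelog.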