CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability
First published: Tue Jan 19 2021(Updated: )
A heap-based buffer overflow was found in the way sudo parses command line arguments. As per the researcher this vulnerability: - is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password); - was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration. This could lead to privilege escalation.
Credit: cve@mitre.org Qualys cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/sudo | 1.8.27-1+deb10u3 1.8.27-1+deb10u5 1.9.5p2-3+deb11u1 1.9.13p3-1+deb12u1 1.9.14p2-1 | |
| redhat/sudo | <1.9.5 | 1.9.5 |
| IBM InfoSphere Guardium z/OS | <=10.5 | |
| IBM InfoSphere Guardium z/OS | <=10.6 | |
| IBM InfoSphere Guardium z/OS | <=11.0 | |
| IBM InfoSphere Guardium z/OS | <=11.1 | |
| IBM InfoSphere Guardium z/OS | <=11.2 | |
| IBM InfoSphere Guardium z/OS | <=11.3 | |
| Apple macOS | <11.2.1 | 11.2.1 |
| Apple macOS Supplemental Update | <10.15.7 | 10.15.7 |
| macOS Mojave | <10.14.6 | 10.14.6 |
| CentOS Sudo | ||
| Sudo | >=1.8.2<1.8.32 | |
| Sudo | >=1.9.0<1.9.5 | |
| Sudo | =1.9.5 | |
| Sudo | =1.9.5-patch1 | |
| Red Hat Fedora | =32 | |
| Red Hat Fedora | =33 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| NetApp SolidFire & HCI Management Node | ||
| NetApp OnCommand Unified Manager for Windows | ||
| NetApp SolidFire & HCI Storage Node | ||
| McAfee Web Gateway Cloud Service | =8.2.17 | |
| McAfee Web Gateway Cloud Service | =9.2.8 | |
| McAfee Web Gateway Cloud Service | =10.0.4 | |
| Synology Photos Diskstation Manager | =6.2 | |
| Synology DiskStation Manager | =3.0 | |
| Synology SkyNAS Firmware | ||
| Synology SkyNAS Firmware | ||
| Synology VS960HD | ||
| Synology VS960HD Firmware | ||
| BeyondTrust Privilege Management for Windows and Mac | <21.1.1 | |
| BeyondTrust Privilege Management for Unix/Linux | <10.3.2-10 | |
| Oracle MICROS Compact Workstation 3 | =310 | |
| Oracle Micros Compact Workstation 3 Firmware | ||
| Oracle Micros ES400 Firmware | >=400<=410 | |
| Oracle Micros ES400 Firmware | ||
| Oracle MICROS Kitchen Display System | =210 | |
| Oracle Micros Kitchen Display System Firmware | ||
| Oracle Micros Lucas | =5a | |
| Oracle Micros Workstation 5A Firmware | ||
| Oracle MICROS Workstation 6 | >=610<=655 | |
| Oracle Micros Workstation 6 Firmware | ||
| Oracle Communications Performance Intelligence Center | >=10.3.0.0.0<=10.3.0.2.1 | |
| Oracle Communications Performance Intelligence Center | >=10.4.0.1.0<=10.4.0.3.1 | |
| Oracle Tekelec Platform Distribution | >=7.4.0<=7.7.1 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Cloud Backup | ||
| NetApp ONTAP Select Deploy | ||
| NetApp ONTAP Tools for VMware vSphere | =9 | |
| Synology Photos Diskstation Manager | =6.2 | |
| All of | ||
| Synology SkyNAS Firmware | ||
| Synology SkyNAS Firmware | ||
| All of | ||
| Synology VS960HD | ||
| Synology VS960HD Firmware | ||
| All of | ||
| Oracle MICROS Compact Workstation 3 | =310 | |
| Oracle Micros Compact Workstation 3 Firmware | ||
| All of | ||
| Oracle Micros ES400 Firmware | >=400<=410 | |
| Oracle Micros ES400 Firmware | ||
| All of | ||
| Oracle MICROS Kitchen Display System | =210 | |
| Oracle Micros Kitchen Display System Firmware | ||
| All of | ||
| Oracle Micros Lucas | =5a | |
| Oracle Micros Workstation 5A Firmware | ||
| All of | ||
| Oracle MICROS Workstation 6 | >=610<=655 | |
| Oracle Micros Workstation 6 Firmware | ||
| >=1.8.2<1.8.32 | ||
| >=1.9.0<1.9.5 | ||
| =1.9.5 | ||
| =1.9.5-patch1 | ||
| =32 | ||
| =33 | ||
| =9.0 | ||
| =10.0 | ||
| =9 | ||
| =8.2.17 | ||
| =9.2.8 | ||
| =10.0.4 | ||
| =3.0 | ||
| =6.2 | ||
| All of | ||
| All of | ||
| <21.1.1 | ||
| <10.3.2-10 | ||
| All of | ||
| =310 | ||
| All of | ||
| >=400<=410 | ||
| All of | ||
| =210 | ||
| All of | ||
| =5a | ||
| All of | ||
| >=610<=655 | ||
| >=10.3.0.0.0<=10.3.0.2.1 | ||
| >=10.4.0.1.0<=10.4.0.3.1 | ||
| >=7.4.0<=7.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.sudo.ws/alerts/unescape_overflow.html
- https://www.sudo.ws/repos/sudo/rev/9b97f1787804
- https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
- https://www.sudo.ws/repos/sudo/rev/049ad90590be
- https://www.sudo.ws/repos/sudo/rev/09f98816fc89
- https://www.sudo.ws/repos/sudo/rev/c125fbe68783
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- https://security-tracker.debian.org/tracker/CVE-2021-3156
- https://support.apple.com/en-us/HT212177 (Advisory)
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2021/Feb/42
- http://seclists.org/fulldisclosure/2021/Jan/79
- http://www.openwall.com/lists/oss-security/2021/01/26/3
- http://www.openwall.com/lists/oss-security/2021/01/27/1
- http://www.openwall.com/lists/oss-security/2021/01/27/2
- http://www.openwall.com/lists/oss-security/2021/02/15/1
- http://www.openwall.com/lists/oss-security/2021/09/14/2
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348
- https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
- https://security.gentoo.org/glsa/202101-33
- https://security.netapp.com/advisory/ntap-20210128-0001/
- https://security.netapp.com/advisory/ntap-20210128-0002/
- https://support.apple.com/kb/HT212177
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
- https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
- https://www.debian.org/security/2021/dsa-4839
- https://www.kb.cert.org/vuls/id/794544
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.sudo.ws/stable.html#1.9.5p2
- https://www.synology.com/security/advisory/Synology_SA_21_02
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748637&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748637&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748935&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748935&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1920618
- https://access.redhat.com/errata/RHSA-2021:0226
- https://access.redhat.com/errata/RHSA-2021:0220
- https://access.redhat.com/errata/RHSA-2021:0218
- https://access.redhat.com/errata/RHSA-2021:0225
- https://access.redhat.com/errata/RHSA-2021:0219
- https://access.redhat.com/errata/RHSA-2021:0227
- https://access.redhat.com/errata/RHSA-2021:0224
- https://access.redhat.com/errata/RHSA-2021:0221
- https://access.redhat.com/errata/RHSA-2021:0222
- https://access.redhat.com/errata/RHSA-2021:0223
- https://access.redhat.com/security/cve/cve-2021-3156
- https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
- https://github.com/sudo-project/sudo/commit/1f8638577d0c80a4ff864a2aad80a0d95488e9a8
- https://github.com/sudo-project/sudo/commit/b301b46b79c6e2a76d530fa36d05992e74952ee8
- https://github.com/sudo-project/sudo/commit/c4d384082fdbc8406cf19e08d05db4cded920a55
- https://access.redhat.com/errata/RHSA-2021:0395
- https://access.redhat.com/errata/RHSA-2021:0401
- https://access.redhat.com/solutions/5752521
- https://bugzilla.redhat.com/show_bug.cgi?id=1917684
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- http://www.openwall.com/lists/oss-security/2024/01/30/6
- http://www.openwall.com/lists/oss-security/2024/01/30/8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/195658
- https://www.ibm.com/support/pages/node/6455281 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-3156
- https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-3156.
What is the title of this vulnerability?
The title of this vulnerability is Sudo Heap-Based Buffer Overflow Vulnerability.
What is the description of this vulnerability?
The description of this vulnerability is that Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Which software is affected by this vulnerability?
The affected software includes Sudo, macOS Big Sur (up to version 11.2.1), macOS Catalina Supplemental Update (up to version 10.15.7), and macOS Mojave (up to version 10.14.6).
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following reference: [https://support.apple.com/en-us/HT212177](https://support.apple.com/en-us/HT212177).
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/description
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3156
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/trending
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/event
- collector/apple-support
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- collector/nvd-index
- package-manager/debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm infosphere guardium z/os
- version/ibm infosphere guardium z/os/10.5
- version/ibm infosphere guardium z/os/10.6
- version/ibm infosphere guardium z/os/11.0
- version/ibm infosphere guardium z/os/11.1
- version/ibm infosphere guardium z/os/11.2
- version/ibm infosphere guardium z/os/11.3
- vendor/apple
- canonical/apple macos
- canonical/apple macos supplemental update
- canonical/macos mojave
- vendor/sudo
- canonical/centos sudo
- vendor/sudo project
- canonical/sudo
- version/sudo/1.8.2
- version/sudo/1.9.0
- version/sudo/1.9.5
- version/sudo/1.9.5-patch1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/32
- version/red hat fedora/33
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp solidfire & hci management node
- canonical/netapp oncommand unified manager for windows
- canonical/netapp ontap select deploy
- canonical/netapp ontap tools for vmware vsphere
- version/netapp ontap tools for vmware vsphere/9
- canonical/netapp solidfire & hci storage node
- vendor/mcafee
- canonical/mcafee web gateway cloud service
- version/mcafee web gateway cloud service/8.2.17
- version/mcafee web gateway cloud service/9.2.8
- version/mcafee web gateway cloud service/10.0.4
- vendor/synology
- canonical/synology diskstation manager
- version/synology diskstation manager/3.0
- canonical/synology photos diskstation manager
- version/synology photos diskstation manager/6.2
- canonical/synology skynas firmware
- canonical/synology vs960hd
- canonical/synology vs960hd firmware
- vendor/beyondtrust
- canonical/beyondtrust privilege management for windows and mac
- canonical/beyondtrust privilege management for unix/linux
- vendor/oracle
- canonical/oracle micros compact workstation 3
- version/oracle micros compact workstation 3/310
- canonical/oracle micros compact workstation 3 firmware
- canonical/oracle micros es400 firmware
- version/oracle micros es400 firmware/400
- version/oracle micros es400 firmware/410
- canonical/oracle micros kitchen display system
- version/oracle micros kitchen display system/210
- canonical/oracle micros kitchen display system firmware
- canonical/oracle micros lucas
- version/oracle micros lucas/5a
- canonical/oracle micros workstation 5a firmware
- canonical/oracle micros workstation 6
- version/oracle micros workstation 6/610
- version/oracle micros workstation 6/655
- canonical/oracle micros workstation 6 firmware
- canonical/oracle communications performance intelligence center
- version/oracle communications performance intelligence center/10.3.0.0.0
- version/oracle communications performance intelligence center/10.3.0.2.1
- version/oracle communications performance intelligence center/10.4.0.1.0
- version/oracle communications performance intelligence center/10.4.0.3.1
- canonical/oracle tekelec platform distribution
- version/oracle tekelec platform distribution/7.4.0
- version/oracle tekelec platform distribution/7.7.1