CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability
First published: Tue Jan 19 2021(Updated: )
A heap-based buffer overflow was found in the way sudo parses command line arguments. As per the researcher this vulnerability: - is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password); - was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration. This could lead to privilege escalation.
Credit: cve@mitre.org Qualys cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/sudo | 1.8.27-1+deb10u3 1.8.27-1+deb10u5 1.9.5p2-3+deb11u1 1.9.13p3-1+deb12u1 1.9.14p2-1 | |
| Apple macOS Big Sur | <11.2.1 | 11.2.1 |
| Apple macOS Catalina Supplemental Update | <10.15.7 | 10.15.7 |
| Apple macOS Mojave | <10.14.6 | 10.14.6 |
| Sudo Sudo | ||
| Sudo Project Sudo | >=1.8.2<1.8.32 | |
| Sudo Project Sudo | >=1.9.0<1.9.5 | |
| Sudo Project Sudo | =1.9.5 | |
| Sudo Project Sudo | =1.9.5-patch1 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Netapp Hci Management Node | ||
| NetApp OnCommand Unified Manager Core Package | ||
| Netapp Solidfire | ||
| McAfee Web Gateway | =8.2.17 | |
| McAfee Web Gateway | =9.2.8 | |
| McAfee Web Gateway | =10.0.4 | |
| Synology DiskStation Manager | =6.2 | |
| Synology Diskstation Manager Unified Controller | =3.0 | |
| Synology Skynas Firmware | ||
| Synology Skynas | ||
| Synology Vs960hd Firmware | ||
| Synology Vs960hd | ||
| BeyondTrust Privilege Management for Mac | <21.1.1 | |
| Beyondtrust Privilege Management For Unix\/linux | <10.3.2-10 | |
| Oracle Micros Compact Workstation 3 Firmware | =310 | |
| Oracle Micros Compact Workstation 3 | ||
| Oracle Micros Es400 Firmware | >=400<=410 | |
| Oracle Micros Es400 | ||
| Oracle Micros Kitchen Display System Firmware | =210 | |
| Oracle Micros Kitchen Display System | ||
| Oracle Micros Workstation 5a Firmware | =5a | |
| Oracle Micros Workstation 5a | ||
| Oracle Micros Workstation 6 Firmware | >=610<=655 | |
| Oracle Micros Workstation 6 | ||
| Oracle Communications Performance Intelligence Center | >=10.3.0.0.0<=10.3.0.2.1 | |
| Oracle Communications Performance Intelligence Center | >=10.4.0.1.0<=10.4.0.3.1 | |
| Oracle Tekelec Platform Distribution | >=7.4.0<=7.7.1 | |
| redhat/sudo | <1.9.5 | 1.9.5 |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Ontap Tools Vmware Vsphere | =9 | |
| All of | ||
| Synology Skynas Firmware | ||
| Synology Skynas | ||
| All of | ||
| Synology Vs960hd Firmware | ||
| Synology Vs960hd | ||
| All of | ||
| Oracle Micros Compact Workstation 3 Firmware | =310 | |
| Oracle Micros Compact Workstation 3 | ||
| All of | ||
| Oracle Micros Es400 Firmware | >=400<=410 | |
| Oracle Micros Es400 | ||
| All of | ||
| Oracle Micros Kitchen Display System Firmware | =210 | |
| Oracle Micros Kitchen Display System | ||
| All of | ||
| Oracle Micros Workstation 5a Firmware | =5a | |
| Oracle Micros Workstation 5a | ||
| All of | ||
| Oracle Micros Workstation 6 Firmware | >=610<=655 | |
| Oracle Micros Workstation 6 | ||
| <=10.5 | ||
| <=10.6 | ||
| <=11.0 | ||
| <=11.1 | ||
| <=11.2 | ||
| <=11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.sudo.ws/alerts/unescape_overflow.html
- https://www.sudo.ws/repos/sudo/rev/9b97f1787804
- https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
- https://www.sudo.ws/repos/sudo/rev/049ad90590be
- https://www.sudo.ws/repos/sudo/rev/09f98816fc89
- https://www.sudo.ws/repos/sudo/rev/c125fbe68783
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- https://security-tracker.debian.org/tracker/CVE-2021-3156
- https://support.apple.com/en-us/HT212177 (Advisory)
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2021/Feb/42
- http://seclists.org/fulldisclosure/2021/Jan/79
- http://www.openwall.com/lists/oss-security/2021/01/26/3
- http://www.openwall.com/lists/oss-security/2021/01/27/1
- http://www.openwall.com/lists/oss-security/2021/01/27/2
- http://www.openwall.com/lists/oss-security/2021/02/15/1
- http://www.openwall.com/lists/oss-security/2021/09/14/2
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348
- https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
- https://security.gentoo.org/glsa/202101-33
- https://security.netapp.com/advisory/ntap-20210128-0001/
- https://security.netapp.com/advisory/ntap-20210128-0002/
- https://support.apple.com/kb/HT212177
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
- https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
- https://www.debian.org/security/2021/dsa-4839
- https://www.kb.cert.org/vuls/id/794544
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.sudo.ws/stable.html#1.9.5p2
- https://www.synology.com/security/advisory/Synology_SA_21_02
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748637&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748637&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748935&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1748935&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1920618
- https://access.redhat.com/errata/RHSA-2021:0226
- https://access.redhat.com/errata/RHSA-2021:0220
- https://access.redhat.com/errata/RHSA-2021:0218
- https://access.redhat.com/errata/RHSA-2021:0225
- https://access.redhat.com/errata/RHSA-2021:0219
- https://access.redhat.com/errata/RHSA-2021:0227
- https://access.redhat.com/errata/RHSA-2021:0224
- https://access.redhat.com/errata/RHSA-2021:0221
- https://access.redhat.com/errata/RHSA-2021:0222
- https://access.redhat.com/errata/RHSA-2021:0223
- https://access.redhat.com/security/cve/cve-2021-3156
- https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
- https://github.com/sudo-project/sudo/commit/1f8638577d0c80a4ff864a2aad80a0d95488e9a8
- https://github.com/sudo-project/sudo/commit/b301b46b79c6e2a76d530fa36d05992e74952ee8
- https://github.com/sudo-project/sudo/commit/c4d384082fdbc8406cf19e08d05db4cded920a55
- https://access.redhat.com/errata/RHSA-2021:0395
- https://access.redhat.com/errata/RHSA-2021:0401
- https://access.redhat.com/solutions/5752521
- https://bugzilla.redhat.com/show_bug.cgi?id=1917684
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- http://www.openwall.com/lists/oss-security/2024/01/30/6
- http://www.openwall.com/lists/oss-security/2024/01/30/8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/195658
- https://www.ibm.com/support/pages/node/6455281 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-3156
- https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-3156.
What is the title of this vulnerability?
The title of this vulnerability is Sudo Heap-Based Buffer Overflow Vulnerability.
What is the description of this vulnerability?
The description of this vulnerability is that Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Which software is affected by this vulnerability?
The affected software includes Sudo, macOS Big Sur (up to version 11.2.1), macOS Catalina Supplemental Update (up to version 10.15.7), and macOS Mojave (up to version 10.14.6).
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following reference: [https://support.apple.com/en-us/HT212177](https://support.apple.com/en-us/HT212177).
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/description
- agent/author
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3156
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- collector/nvd-cve
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/apple
- canonical/apple macos big sur
- canonical/apple macos catalina supplemental update
- canonical/apple macos mojave
- vendor/sudo project
- canonical/sudo project sudo
- version/sudo project sudo/1.8.2
- version/sudo project sudo/1.9.0
- version/sudo project sudo/1.9.5
- version/sudo project sudo/1.9.5-patch1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp oncommand unified manager core package
- canonical/netapp solidfire
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/8.2.17
- version/mcafee web gateway/9.2.8
- version/mcafee web gateway/10.0.4
- vendor/synology
- canonical/synology diskstation manager
- version/synology diskstation manager/6.2
- canonical/synology diskstation manager unified controller
- version/synology diskstation manager unified controller/3.0
- canonical/synology skynas firmware
- canonical/synology skynas
- canonical/synology vs960hd firmware
- canonical/synology vs960hd
- vendor/beyondtrust
- canonical/beyondtrust privilege management for mac
- canonical/beyondtrust privilege management for unix\/linux
- vendor/oracle
- canonical/oracle micros compact workstation 3 firmware
- version/oracle micros compact workstation 3 firmware/310
- canonical/oracle micros compact workstation 3
- canonical/oracle micros es400 firmware
- version/oracle micros es400 firmware/400
- version/oracle micros es400 firmware/410
- canonical/oracle micros es400
- canonical/oracle micros kitchen display system firmware
- version/oracle micros kitchen display system firmware/210
- canonical/oracle micros kitchen display system
- canonical/oracle micros workstation 5a firmware
- version/oracle micros workstation 5a firmware/5a
- canonical/oracle micros workstation 5a
- canonical/oracle micros workstation 6 firmware
- version/oracle micros workstation 6 firmware/610
- version/oracle micros workstation 6 firmware/655
- canonical/oracle micros workstation 6
- canonical/oracle communications performance intelligence center
- version/oracle communications performance intelligence center/10.3.0.0.0
- version/oracle communications performance intelligence center/10.3.0.2.1
- version/oracle communications performance intelligence center/10.4.0.1.0
- version/oracle communications performance intelligence center/10.4.0.3.1
- canonical/oracle tekelec platform distribution
- version/oracle tekelec platform distribution/7.4.0
- version/oracle tekelec platform distribution/7.7.1
- package-manager/redhat
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp ontap select deploy administration utility
- canonical/netapp ontap tools vmware vsphere
- version/netapp ontap tools vmware vsphere/9
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3
- vendor/sudo
- canonical/sudo sudo