PSA: If your PC runs Linux, you should update Sudo now

Even though tens of thousands of contributors actively pore over the source code of the Linux kernel and various Unix utilities looking for security flaws, it’s not unheard of for serious bugs to go unnoticed. Just a day ago, the folks over at Qualys revealed a heap-based buffer overflow in the “Sudo” program that can be used to gain root access. This bug seems to be quite serious, and it has existed within the codebase for almost 10 years! Although the privilege escalation vulnerability has already been patched, it could potentially be exploited on nearly every Linux distribution and several Unix-like operating systems.

Enter Baron Samedit

Formally cataloged as CVE-2021-3156, the vulnerability has been named Baron Samedit. The moniker seems to be a play on Baron Samedi and the sudoedit utility, since the latter is used in one of the exploit paths. By exploiting this vulnerability, any unprivileged local user can gain unfettered root privileges on the vulnerable host. In more technical terms, Sudo incorrectly unescapes backslashes in its arguments, and an attacker who controls the size of the “user_args” buffer (which is meant for sudoers matching and logging) can use this to overflow that buffer on the heap and obtain root privileges.

Why Baron Samedit is a critical vulnerability

The exploitable code can be traced back to July 2011 and affects all legacy Sudo versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration. The security vulnerability is said to be rather trivial to exploit: the local user does not need to be a privileged user or be listed in the sudoers file. As a result, any device running even a fairly modern Linux distribution can potentially fall victim to this bug. In fact, the researchers from Qualys were able to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).

We at XDA generally welcome the ability for regular users to gain root access, but we do not celebrate the existence of root exploits such as this, especially one that is so widespread and potentially incredibly dangerous to end-users. The vulnerability has been fixed in sudo version 1.9.5p2, released yesterday at the same time Qualys publicly disclosed its findings. Readers should upgrade to sudo 1.9.5p2 or later as soon as possible.

How to check if you’re affected by Baron Samedit

To test whether your Linux environment is vulnerable, log in to the system as a non-root user and run the following command:

sudoedit -s /

A vulnerable system should respond with an error that starts with “sudoedit:”. However, if the system is already patched, it will show an error that starts with “usage:”.
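The affected version ranges and the two sudoedit responses described above can be combined into one host check. The script below is an added example, not part of the original article or of Qualys' advisory; the function names and the --live switch are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. The version ranges and the
# "sudoedit:" / "usage:" responses are the ones quoted in the article.

# ver_key 1.8.31p2 -> 1008031002 (sortable integer); prints nothing if unparsable.
ver_key() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/ {
            p = 0; v = $0
            if (match(v, /p[0-9]+$/)) {          # split off the pN patch level
                p = substr(v, RSTART + 1); v = substr(v, 1, RSTART - 1)
            }
            split(v, a, /\./)
            printf "%d%03d%03d%03d\n", a[1], a[2], a[3], p
        }'
}

# Compare an upstream version string against 1.8.2-1.8.31p2 and 1.9.0-1.9.5p1.
version_status() {
    k=$(ver_key "$1")
    [ -n "$k" ] || { echo unknown; return 0; }
    if { [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; }; then
        echo in-affected-range
    else
        echo outside-affected-range
    fi
}

# Classify the first line printed by `sudoedit -s /`.
probe_status() {
    case $1 in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo inconclusive ;;
    esac
}

# Live check, run as a non-root user: sh check.sh --live
# Distribution packages often carry a backported fix under an old upstream
# version number, so when the two results disagree, trust the probe.
if [ "${1:-}" = "--live" ]; then
    ver=$(sudo -V 2>/dev/null | awk 'NR == 1 { print $NF }')
    out=$(sudoedit -s / 2>&1 | head -n 1)
    echo "sudo ${ver:-?}: version $(version_status "$ver"), probe $(probe_status "$out")"
fi
```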


Source: Qualys Blog
Via: XDA Developers
