CVE-2021-3156high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/stable.html#1.9.5p2
http://www.openwall.com/lists/oss-security/2021/01/26/3
https://security.gentoo.org/glsa/202101-33
https://www.debian.org/security/2021/dsa-4839
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
https://www.kb.cert.org/vuls/id/794544
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
https://support.apple.com/kb/HT212177
http://seclists.org/fulldisclosure/2021/Feb/42
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
http://www.openwall.com/lists/oss-security/2021/02/15/1
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
http://seclists.org/fulldisclosure/2021/Jan/79
https://www.synology.com/security/advisory/Synology_SA_21_02
Details
Source: MITRE
Published: 2021-01-26
Updated: 2021-07-20
Type: CWE-193
Risk Information
CVSS v2
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
CVSS v3
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Configuration 4
OR
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
Configuration 5
OR
cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*
Configuration 6
OR
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*
Configuration 7
AND
OR
OR
Configuration 8
AND
OR
OR
Configuration 9
OR
cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:privilege_management_for_unix\/linux:*:*:*:*:basic:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151386 | EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2021-2170) | Nessus | Huawei Local Security Checks | high |
| 150464 | OracleVM 3.4 : sudo (OVMSA-2021-0012) | Nessus | OracleVM Local Security Checks | high |
| 149628 | openSUSE Security Update : sudo (openSUSE-2021-602) | Nessus | SuSE Local Security Checks | high |
| 148873 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:1274-1) | Nessus | SuSE Local Security Checks | high |
| 148872 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:1273-1) | Nessus | SuSE Local Security Checks | high |
| 148868 | SUSE SLED15 / SLES15 Security Update : sudo (SUSE-SU-2021:1275-1) | Nessus | SuSE Local Security Checks | high |
| 148867 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:1267-1) | Nessus | SuSE Local Security Checks | high |
| 148642 | Oracle Linux 6 : sudo (ELSA-2021-9169) | Nessus | Oracle Linux Local Security Checks | high |
| 148142 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0928-1) | Nessus | SuSE Local Security Checks | high |
| 148081 | EulerOS 2.0 SP5 : sudo (EulerOS-SA-2021-1707) | Nessus | Huawei Local Security Checks | high |
| 147695 | EulerOS Virtualization 2.9.0 : sudo (EulerOS-SA-2021-1669) | Nessus | Huawei Local Security Checks | high |
| 147547 | EulerOS Virtualization 3.0.2.6 : sudo (EulerOS-SA-2021-1424) | Nessus | Huawei Local Security Checks | high |
| 147509 | EulerOS Virtualization 2.9.1 : sudo (EulerOS-SA-2021-1630) | Nessus | Huawei Local Security Checks | high |
| 147471 | EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2021-1390) | Nessus | Huawei Local Security Checks | high |
| 147406 | NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001) | Nessus | NewStart CGSL Local Security Checks | high |
| 147368 | NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2021-0032) | Nessus | NewStart CGSL Local Security Checks | high |
| 147267 | NewStart CGSL MAIN 6.02 : sudo Vulnerability (NS-SA-2021-0089) | Nessus | NewStart CGSL Local Security Checks | high |
| 147107 | EulerOS Virtualization 3.0.6.6 : sudo (EulerOS-SA-2021-1520) | Nessus | Huawei Local Security Checks | high |
| 147025 | EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2021-1575) | Nessus | Huawei Local Security Checks | high |
| 146799 | Linux Sudo Privilege Escalation (Out-of-bounds Write) | Nessus | Misc. | high |
| 146716 | EulerOS 2.0 SP2 : sudo (EulerOS-SA-2021-1366) | Nessus | Huawei Local Security Checks | high |
| 146683 | EulerOS 2.0 SP3 : sudo (EulerOS-SA-2021-1375) | Nessus | Huawei Local Security Checks | high |
| 146427 | macOS 10.14.x < 10.14.6 Security Update 2021-002 / 10.15.x < 10.15.7 Supplemental Update / macOS 11.x < 11.2.1 (HT212177) | Nessus | MacOS X Local Security Checks | high |
| 146251 | EulerOS 2.0 SP9 : sudo (EulerOS-SA-2021-1276) | Nessus | Huawei Local Security Checks | high |
| 146240 | EulerOS 2.0 SP9 : sudo (EulerOS-SA-2021-1257) | Nessus | Huawei Local Security Checks | high |
| 146094 | RHEL 8 : Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4] (Important) (RHSA-2021:0401) | Nessus | Red Hat Local Security Checks | high |
| 146093 | RHEL 7 : RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13 (Important) (RHSA-2021:0395) | Nessus | Red Hat Local Security Checks | high |
| 145745 | EulerOS 2.0 SP8 : sudo (EulerOS-SA-2021-1173) | Nessus | Huawei Local Security Checks | high |
| 145699 | Photon OS 1.0: Sudo PHSA-2021-1.0-0358 | Nessus | PhotonOS Local Security Checks | high |
| 145695 | Photon OS 2.0: Sudo PHSA-2021-2.0-0315 | Nessus | PhotonOS Local Security Checks | high |
| 145693 | Photon OS 3.0: Sudo PHSA-2021-3.0-0188 | Nessus | PhotonOS Local Security Checks | high |
| 145570 | CentOS 8 : sudo (CESA-2021:0218) | Nessus | CentOS Local Security Checks | high |
| 145565 | OracleVM 3.4 : sudo (OVMSA-2021-0003) | Nessus | OracleVM Local Security Checks | high |
| 145536 | RHEL 6 : sudo (RHSA-2021:0227) | Nessus | Red Hat Local Security Checks | high |
| 145530 | openSUSE Security Update : sudo (openSUSE-2021-169) | Nessus | SuSE Local Security Checks | high |
| 145525 | openSUSE Security Update : sudo (openSUSE-2021-170) | Nessus | SuSE Local Security Checks | high |
| 145520 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0232-1) | Nessus | SuSE Local Security Checks | high |
| 145519 | CentOS 7 : sudo (CESA-2021:0221) | Nessus | CentOS Local Security Checks | high |
| 145505 | Oracle Linux 6 : sudo (ELSA-2021-9019) | Nessus | Oracle Linux Local Security Checks | high |
| 145500 | RHEL 8 : sudo (RHSA-2021:0219) | Nessus | Red Hat Local Security Checks | high |
| 145499 | RHEL 7 : sudo (RHSA-2021:0225) | Nessus | Red Hat Local Security Checks | high |
| 145498 | RHEL 7 : sudo (RHSA-2021:0222) | Nessus | Red Hat Local Security Checks | high |
| 145497 | RHEL 7 : sudo (RHSA-2021:0221) | Nessus | Red Hat Local Security Checks | high |
| 145496 | RHEL 7 : sudo (RHSA-2021:0226) | Nessus | Red Hat Local Security Checks | high |
| 145495 | RHEL 7 : sudo (RHSA-2021:0224) | Nessus | Red Hat Local Security Checks | high |
| 145494 | RHEL 8 : sudo (RHSA-2021:0220) | Nessus | Red Hat Local Security Checks | high |
| 145493 | RHEL 8 : sudo (RHSA-2021:0218) | Nessus | Red Hat Local Security Checks | high |
| 145492 | RHEL 7 : sudo (RHSA-2021:0223) | Nessus | Red Hat Local Security Checks | high |
| 145488 | FreeBSD : sudo -- Multiple vulnerabilities (f3cf4b33-6013-11eb-9a0e-206a8a720317) | Nessus | FreeBSD Local Security Checks | high |
| 145486 | Fedora 33 : sudo (2021-2cb63d912a) | Nessus | Fedora Local Security Checks | high |
| 145484 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0226-1) | Nessus | SuSE Local Security Checks | high |
| 145482 | Fedora 32 : sudo (2021-8840cbdccd) | Nessus | Fedora Local Security Checks | high |
| 145481 | SUSE SLED15 / SLES15 Security Update : sudo (SUSE-SU-2021:0227-1) | Nessus | SuSE Local Security Checks | high |
| 145479 | SUSE SLES12 Security Update : sudo (SUSE-SU-2021:0225-1) | Nessus | SuSE Local Security Checks | high |
| 145477 | GLSA-202101-33 : sudo: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 145475 | Debian DLA-2534-1 : sudo security update | Nessus | Debian Local Security Checks | high |
| 145472 | Slackware 14.0 / 14.1 / 14.2 / current : sudo (SSA:2021-026-01) | Nessus | Slackware Local Security Checks | high |
| 145471 | Debian DSA-4839-1 : sudo - security update | Nessus | Debian Local Security Checks | high |
| 145463 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Sudo vulnerabilities (USN-4705-1) | Nessus | Ubuntu Local Security Checks | high |
| 145462 | Oracle Linux 8 : sudo (ELSA-2021-0218) | Nessus | Oracle Linux Local Security Checks | high |
| 145461 | Oracle Linux 7 : sudo (ELSA-2021-0221) | Nessus | Oracle Linux Local Security Checks | high |
| 145460 | Scientific Linux Security Update : sudo on SL7.x i686/x86_64 (2021:0221) | Nessus | Scientific Linux Local Security Checks | high |
| 145457 | Amazon Linux 2 : sudo (ALAS-2021-1590) | Nessus | Amazon Linux Local Security Checks | high |
| 145451 | Amazon Linux AMI : sudo (ALAS-2021-1478) | Nessus | Amazon Linux Local Security Checks | high |