CVE-2021-3156
Sudo Heap-Based Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
56Exploited in Wild
YesDecision
Descriptions
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo carácter de barra invertida
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-15 CVE Reserved
- 2021-01-26 CVE Published
- 2021-01-26 First Exploit
- 2022-04-06 Exploited in Wild
- 2022-04-27 KEV Due Date
- 2024-09-18 CVE Updated
- 2024-10-28 EPSS Updated
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-193: Off-by-one Error
CAPEC
References (86)
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/09/14/2 | 2024-07-09 | |
https://www.oracle.com//security-alerts/cpujul2021.html | 2024-07-09 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2024-07-09 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2024-07-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Synology Search vendor "Synology" | Skynas Firmware Search vendor "Synology" for product "Skynas Firmware" | - | - |
Affected
| in | Synology Search vendor "Synology" | Skynas Search vendor "Synology" for product "Skynas" | - | - |
Safe
|
Synology Search vendor "Synology" | Vs960hd Firmware Search vendor "Synology" for product "Vs960hd Firmware" | - | - |
Affected
| in | Synology Search vendor "Synology" | Vs960hd Search vendor "Synology" for product "Vs960hd" | - | - |
Safe
|
Oracle Search vendor "Oracle" | Micros Compact Workstation 3 Firmware Search vendor "Oracle" for product "Micros Compact Workstation 3 Firmware" | 310 Search vendor "Oracle" for product "Micros Compact Workstation 3 Firmware" and version "310" | - |
Affected
| in | Oracle Search vendor "Oracle" | Micros Compact Workstation 3 Search vendor "Oracle" for product "Micros Compact Workstation 3" | - | - |
Safe
|
Oracle Search vendor "Oracle" | Micros Es400 Firmware Search vendor "Oracle" for product "Micros Es400 Firmware" | >= 400 <= 410 Search vendor "Oracle" for product "Micros Es400 Firmware" and version " >= 400 <= 410" | - |
Affected
| in | Oracle Search vendor "Oracle" | Micros Es400 Search vendor "Oracle" for product "Micros Es400" | - | - |
Safe
|
Oracle Search vendor "Oracle" | Micros Kitchen Display System Firmware Search vendor "Oracle" for product "Micros Kitchen Display System Firmware" | 210 Search vendor "Oracle" for product "Micros Kitchen Display System Firmware" and version "210" | - |
Affected
| in | Oracle Search vendor "Oracle" | Micros Kitchen Display System Search vendor "Oracle" for product "Micros Kitchen Display System" | - | - |
Safe
|
Oracle Search vendor "Oracle" | Micros Workstation 5a Firmware Search vendor "Oracle" for product "Micros Workstation 5a Firmware" | 5a Search vendor "Oracle" for product "Micros Workstation 5a Firmware" and version "5a" | - |
Affected
| in | Oracle Search vendor "Oracle" | Micros Workstation 5a Search vendor "Oracle" for product "Micros Workstation 5a" | - | - |
Safe
|
Oracle Search vendor "Oracle" | Micros Workstation 6 Firmware Search vendor "Oracle" for product "Micros Workstation 6 Firmware" | >= 610 <= 655 Search vendor "Oracle" for product "Micros Workstation 6 Firmware" and version " >= 610 <= 655" | - |
Affected
| in | Oracle Search vendor "Oracle" | Micros Workstation 6 Search vendor "Oracle" for product "Micros Workstation 6" | - | - |
Safe
|
Sudo Project Search vendor "Sudo Project" | Sudo Search vendor "Sudo Project" for product "Sudo" | >= 1.8.2 < 1.8.32 Search vendor "Sudo Project" for product "Sudo" and version " >= 1.8.2 < 1.8.32" | - |
Affected
| ||||||
Sudo Project Search vendor "Sudo Project" | Sudo Search vendor "Sudo Project" for product "Sudo" | >= 1.9.0 < 1.9.5 Search vendor "Sudo Project" for product "Sudo" and version " >= 1.9.0 < 1.9.5" | - |
Affected
| ||||||
Sudo Project Search vendor "Sudo Project" | Sudo Search vendor "Sudo Project" for product "Sudo" | 1.9.5 Search vendor "Sudo Project" for product "Sudo" and version "1.9.5" | - |
Affected
| ||||||
Sudo Project Search vendor "Sudo Project" | Sudo Search vendor "Sudo Project" for product "Sudo" | 1.9.5 Search vendor "Sudo Project" for product "Sudo" and version "1.9.5" | patch1 |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Oncommand Unified Manager Core Package Search vendor "Netapp" for product "Oncommand Unified Manager Core Package" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Tools Search vendor "Netapp" for product "Ontap Tools" | 9 Search vendor "Netapp" for product "Ontap Tools" and version "9" | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Web Gateway Search vendor "Mcafee" for product "Web Gateway" | 8.2.17 Search vendor "Mcafee" for product "Web Gateway" and version "8.2.17" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Web Gateway Search vendor "Mcafee" for product "Web Gateway" | 9.2.8 Search vendor "Mcafee" for product "Web Gateway" and version "9.2.8" | - |
Affected
| ||||||
Mcafee Search vendor "Mcafee" | Web Gateway Search vendor "Mcafee" for product "Web Gateway" | 10.0.4 Search vendor "Mcafee" for product "Web Gateway" and version "10.0.4" | - |
Affected
| ||||||
Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | 6.2 Search vendor "Synology" for product "Diskstation Manager" and version "6.2" | - |
Affected
| ||||||
Synology Search vendor "Synology" | Diskstation Manager Unified Controller Search vendor "Synology" for product "Diskstation Manager Unified Controller" | 3.0 Search vendor "Synology" for product "Diskstation Manager Unified Controller" and version "3.0" | - |
Affected
| ||||||
Beyondtrust Search vendor "Beyondtrust" | Privilege Management For Mac Search vendor "Beyondtrust" for product "Privilege Management For Mac" | < 21.1.1 Search vendor "Beyondtrust" for product "Privilege Management For Mac" and version " < 21.1.1" | - |
Affected
| ||||||
Beyondtrust Search vendor "Beyondtrust" | Privilege Management For Unix\/linux Search vendor "Beyondtrust" for product "Privilege Management For Unix\/linux" | < 10.3.2-10 Search vendor "Beyondtrust" for product "Privilege Management For Unix\/linux" and version " < 10.3.2-10" | basic |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center" | >= 10.3.0.0.0 <= 10.3.0.2.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.3.0.0.0 <= 10.3.0.2.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center" | >= 10.4.0.1.0 <= 10.4.0.3.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " >= 10.4.0.1.0 <= 10.4.0.3.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Tekelec Platform Distribution Search vendor "Oracle" for product "Tekelec Platform Distribution" | >= 7.4.0 <= 7.7.1 Search vendor "Oracle" for product "Tekelec Platform Distribution" and version " >= 7.4.0 <= 7.7.1" | - |
Affected
|