Quote:A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered — and it had been sitting there for a decade, researchers said.
The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user. Qualys researchers named the vulnerability “Baron Samedit,” tracked as CVE-2021-3156. They said the bug popped into the Sudo code back in July 2011.
“Qualys security researchers have been able to independently verify the vulnerability and develop multiple variants of exploit, and obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2),” the report said. “Other operating systems and distributions are also likely to be exploitable.”
The authors of Sudo have released a patched update, Sudo version 1.5.5p2.
“Not all Unix-like systems use the same implementation of Sudo, but this vulnerability is in the implementation distributed from https://www.sudo.ws/sudo.html (the Sudo main page) and is a widely used implementation,” David A. Wheeler from the Linux Foundation told Threatpost.
Read more: https://threatpost.com/sudo-bug-root-acc...-2/163395/
![[-]](https://www.geeks.fyi/images/collapse.png)
