sudo escalation vuln on any Mac (and other *nix systems) - CVE-2021-3156

Syriel · Feb 2, 2021

CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one's privileges to 1337 uid=0. Fun for @p0sixninja

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156 | CISA

us-cert.cisa.gov

Cyanity · Feb 2, 2021

Layman speak TL;DR? What can this exploit do?

Deleted member 15476 · Feb 2, 2021

It has already been patched on all major Linux Distros. Apple will probably follow suit sooner than later.

zoku88 · Feb 2, 2021

Cyanity said:
Layman speak TL;DR? What can this exploit do?

sudo is a tool used for privilege escalation. So a vulnerability in sudo allows attackers to basically have admin access.

infiniteloop · Feb 2, 2021

Saw this last week and surprised Apple didn't fix in the updates yesterday

Orbis · Feb 2, 2021

Had to patch all our Linux servers last week due to this.

tripleg · Feb 2, 2021

Cyanity said:
Layman speak TL;DR? What can this exploit do?

Allow for kernel level execution without administration privileges.

Syriel · Feb 2, 2021

infiniteloop said:
Saw this last week and surprised Apple didn't fix in the updates yesterday

Also makes you wonder how many OS X users have automatic updates disabled.

Astral Lovelace · Feb 2, 2021

Looks like the only requirement for this is to have permissions for symlinking and access to a shell.

Not the easiest thing to exploit, but if you do it, you'll have the whole computer.

Cyanity · Feb 2, 2021

tripleg said:
Allow for kernel level execution without administration privileges.

Oh, so anything. Got it

Transistor · Feb 2, 2021

Patched my Linux boxes as soon as the updated package was out.

lunarworks · Feb 2, 2021

Syriel said:
Also makes you wonder how many OS X users have automatic updates disabled.

I have automatic updates disabled because large system operations like that happen on my terms. I typically update as soon as possible, usually the day of release, however.

Midramble · Feb 2, 2021

Cisco products as well

sudo escalation vuln on any Mac (and other *nix systems) - CVE-2021-3156

Syriel

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156 | CISA

Cyanity

Deleted member 15476

User requested account closure

zoku88

infiniteloop

Orbis

tripleg

Alt Account

Syriel

Astral Lovelace

Cyanity

Transistor

Hollowly Brittle

lunarworks

Midramble

Force of Habit