Thomas B. Rücker
Follow

CVE ID : CVE-2021-3156

The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.

· · Web · 2 · 1 · 1
Geert Uytterhoeven

@tbr /me runs "sudo apt update" => "All packages are up to date."

1
Thomas B. Rücker

@geert In case of Debian:
security-tracker.debian.org/tr
So if you run 'testing' there is no fixed package yet, as that gets no security fixes, just regular package updates.
For other deb distros there are trackers too.

0
Mans R

@tbr
$ sudo
bash: sudo: command not found

Guess I'm OK.

1+
Thomas B. Rücker

@mansr

0
Geert Uytterhoeven

@mansr @tbr Make sure . is in your $PATH, and do "cd /home/geert" first ;-)

1
Mans R

@geert @tbr If you've managed to create an account on my machine and put suid root executables there, I have a bigger problem.

1
Geert Uytterhoeven

@mansr @tbr Just entering your password in response to the prompt from my sudo script would already be priceless.

0
Sign in to participate in the conversation
Society of Trolls

A nice little Mastodon instance. Mild trolling encouraged (keep it local), but not required. Malicious behaviour is not tolerated. Follow Wheaton's law and you'll be fine.

Trending now

Resources

Developers

What is Mastodon?

society.oftrolls.com

More…