CVE ID : CVE-2021-3156

The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.


@tbr /me runs "sudo apt update" => "All packages are up to date."

@geert In case of Debian:
So if you run 'testing' there is no fixed package yet, as that gets no security fixes, just regular package updates.
For other deb distros there are trackers too.

$ sudo
bash: sudo: command not found

Guess I'm OK.

@mansr @tbr Make sure . is in your $PATH, and do "cd /home/geert" first ;-)

@geert @tbr If you've managed to create an account on my machine and put suid root executables there, I have a bigger problem.

@mansr @tbr Just entering your password in response to the prompt from my sudo script would already be priceless.
