View Issue Details

ID: 0007011
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2021-06-30 08:49
Reporter: X0RW3LL
Assigned To: rhertzog
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2020.4
Summary: 0007011: CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Description

As per the vulnerability disclosure: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

"affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration"

The current sudo package shipped with the latest Kali package upgrades is 1.9.5p1-1, which is the bullseye vulnerable version: https://security-tracker.debian.org/tracker/CVE-2021-3156

The issue was fixed in sid, sudo version 1.9.5p1-1.1.

Steps To Reproduce

To test if a system is vulnerable or not, log in to the system as a non-root user.

Run command “sudoedit -s /”

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”
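
The two checks in this report, as an added shell example (not from the reporter, Kali or the sudo project): classify the first line of `sudoedit -s /` output, and compare a package version with the affected upstream ranges quoted above. The function names, the integer version key and the result labels are assumptions made for illustration; the only fixed backport listed is the 1.9.5p1-1.1 named in the report.

```shell
#!/bin/sh
# Added example, not Kali or sudo project code: triage helpers for CVE-2021-3156.

# Package versions this issue names as fixed although upstream is still 1.9.5p1.
KNOWN_FIXED_BACKPORTS="1.9.5p1-1.1"

# Classify the first output line of `sudoedit -s /` by the report's criteria.
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# Map an upstream version (major.minor[.micro][pN], assumed form) to an integer.
version_key() {
    case "$1" in ''|*[!0-9.p]*) return 1 ;; esac
    base=${1%%p*}; patch=0
    case "$1" in *p*) patch=${1#*p} ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + ${patch:-0} ))
}

# Succeeds if the upstream version is in 1.8.2..1.8.31p2 or 1.9.0..1.9.5p1.
upstream_affected() {
    k=$(version_key "$1") || return 2
    { [ "$k" -ge "$(version_key 1.8.2)" ] && [ "$k" -le "$(version_key 1.8.31p2)" ]; } ||
    { [ "$k" -ge "$(version_key 1.9.0)" ] && [ "$k" -le "$(version_key 1.9.5p1)" ]; }
}

# Assess a Debian-style package version (upstream-revision; epochs not handled).
assess_package() {
    for fixed in $KNOWN_FIXED_BACKPORTS; do
        if [ "$1" = "$fixed" ]; then echo fixed-backport; return 0; fi
    done
    rc=0
    upstream_affected "${1%-*}" || rc=$?
    case $rc in
        0) echo affected-range ;;
        1) echo outside-affected-range ;;
        *) echo unparseable ;;
    esac
}

# On a host: classify_sudoedit_output "$(sudoedit -s / 2>&1 | head -n 1)"
```

A result of affected-range should be confirmed with the behavioural check, since a distribution can backport the fix without changing the upstream version, as 1.9.5p1-1.1 does here.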

Activities

rhertzog

2021-01-27 10:19

administrator   ~0014141

Fixed version 1.9.5p1-1.1 is in kali-rolling.

Version 1.9.5p2-1 will come in a few days after the usual delay due to migration from unstable to testing then to kali-dev and to kali-rolling.

Issue History

Date Modified Username Field Change
2021-01-27 00:30 X0RW3LL New Issue
2021-01-27 10:19 rhertzog Assigned To => rhertzog
2021-01-27 10:19 rhertzog Status new => resolved
2021-01-27 10:19 rhertzog Resolution open => fixed
2021-01-27 10:19 rhertzog Note Added: 0014141
2021-06-30 08:49 g0tmi1k Priority urgent => normal