SUDO: critical security vulnerability found

The Qualys research team has discovered a heap overflow vulnerability in sudo a nearly ubiquitous utility available on major Unix-like operating systems. Any unprivileged users can be installed on a vulnerable host with a Standard Sudo configuration gain root privileges by exploiting this vulnerability.

Sudo is a powerful utility included in most, if not all, Unix and Linux-based operating systems. It allows users to run programs with the security privileges of another user. The vulnerability itself is for nearly 10 years remained hidden. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers were able to independently verify the vulnerability and develop multiple variants of the exploit and gain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2).

It is very likely that other operating systems and distributions are also exploitable.

Is my system affected?

If the system is still using the vulnerable sudo version you can check this by calling this command:

sudoedit -s /

If an output such as:

sudoedit: /: Not a regular file

is displayed, then the sudo version is vulnerable.

An updated sudo outputs the following feedback:

usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...

Fortunately there are already patches that have been applied before the release, if you have activated an auto-update.

It is therefore highly recommended to have all Linux packages updated automatically, if this is possible.

Original message at Qualys in the blog

Security advices of the distributions

Current articles