Heap overflow

2021-01-2621:15:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.7%

JSON

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.

CPENameOperatorVersion
privilege_management_for_maclt21.1.1
privilege_management_for_unix\\/linuxeq< 10.3.2-10
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq32
fedoraeq33
web_gatewayeq8.2.17
web_gatewayeq9.2.8
web_gatewayeq10.0.4
communications_performance_intelligence_centerge10.4.0.1.0

Name	Operator	Version
privilege_management_for_mac	lt	21.1.1
privilege_management_for_unix\\/linux	eq	< 10.3.2-10
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	32
fedora	eq	33
web_gateway	eq	8.2.17
web_gateway	eq	9.2.8
web_gateway	eq	10.0.4
communications_performance_intelligence_center	ge	10.4.0.1.0

Rows per page:

1-10 of 301

References

packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html

packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html

packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html

packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html

packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

seclists.org/fulldisclosure/2021/Feb/42

seclists.org/fulldisclosure/2021/Jan/79

seclists.org/fulldisclosure/2024/Feb/3

www.openwall.com/lists/oss-security/2021/01/26/3

www.openwall.com/lists/oss-security/2021/01/27/1

www.openwall.com/lists/oss-security/2021/01/27/2

www.openwall.com/lists/oss-security/2021/02/15/1

www.openwall.com/lists/oss-security/2021/09/14/2

www.openwall.com/lists/oss-security/2024/01/30/6

www.openwall.com/lists/oss-security/2024/01/30/8

kc.mcafee.com/corporate/index?page=content&id=SB10348

lists.debian.org/debian-lts-announce/2021/01/msg00022.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/

security.gentoo.org/glsa/202101-33

security.netapp.com/advisory/ntap-20210128-0001/

security.netapp.com/advisory/ntap-20210128-0002/

support.apple.com/kb/HT212177

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability

www.debian.org/security/2021/dsa-4839

www.kb.cert.org/vuls/id/794544

www.openwall.com/lists/oss-security/2021/01/26/3

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpuoct2021.html

www.sudo.ws/stable.html

www.synology.com/security/advisory/Synology_SA_21_02