The Qualys research team has discovered a stack overflow vulnerability in sudo, an almost ubiquitous utility available in all major Unix-like operating systems. By exploiting this vulnerability, any unprivileged user can gain root privileges on a vulnerable host that runs the default sudo configuration.
Sudo is a powerful utility that is included in most, if not all, Unix- and Linux-based operating systems. It allows users to run programs with the security privileges of another user. The vulnerability itself has been hiding in plain sight for almost 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions 1.8.2 to 1.8.31p2 and all stable versions 1.9.0 to 1.9.5p1 in their default settings.
Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers independently verified the vulnerability, developed multiple exploit variants and obtained full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2). Other operating systems and distributions are also likely to be exploitable.
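The affected ranges above (legacy 1.8.2 through 1.8.31p2, stable 1.9.0 through 1.9.5p1) are easy to misjudge by eye because sudo uses a `pN` patch-level suffix that a naive string comparison gets wrong. The following script is an added example for defenders, not code from Qualys or from the sudo project: it parses the first line of `sudo --version` output into a comparable tuple and tests it against the inclusive ranges stated in this advisory. The sample banner is constructed for the example.

```python
import re
import shutil
import subprocess

# Inclusive affected ranges as stated in the advisory, encoded as
# (major, minor, patch, plevel). A missing "pN" suffix is plevel 0.
AFFECTED_RANGES = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),  # legacy 1.8.2 .. 1.8.31p2
    ((1, 9, 0, 0), (1, 9, 5, 1)),   # stable 1.9.0 .. 1.9.5p1
]

# Upstream sudo version strings look like "1.8.31" or "1.9.5p1".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?$")

# Constructed sample of the first lines printed by `sudo --version`.
SAMPLE_BANNER = """Sudo version 1.8.31
Sudoers policy plugin version 1.8.31
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.31
"""


def parse_sudo_version(text):
    """Turn '1.8.31p2' into (1, 8, 31, 2) so tuples compare numerically."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel) if plevel else 0)


def version_from_banner(banner):
    """Extract the upstream version from `sudo --version` output."""
    for line in banner.splitlines():
        m = re.match(r"^Sudo version\s+(\S+)", line)
        if m:
            return parse_sudo_version(m.group(1))
    raise ValueError("no 'Sudo version' line found in banner")


def is_affected(version):
    """True if the parsed version falls inside any advisory range (inclusive)."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def check_local_host():
    """Run `sudo --version` on this machine and report the verdict.

    Returns None when sudo is not installed. Note that `sudo --version`
    does not need elevated privileges.
    """
    if shutil.which("sudo") is None:
        return None
    out = subprocess.run(["sudo", "--version"], capture_output=True, text=True)
    version = version_from_banner(out.stdout)
    return version, is_affected(version)


if __name__ == "__main__":
    result = check_local_host()
    if result is None:
        print("sudo not found on this host")
    else:
        version, affected = result
        print("sudo", ".".join(map(str, version[:3])) + (f"p{version[3]}" if version[3] else ""),
              "is in the advisory's affected range" if affected else "is outside the advisory's affected range")
```

The upstream version string alone is not conclusive on distribution-packaged systems: Debian 10 ships sudo 1.8.27 and Ubuntu 20.04 ships 1.8.31, and both vendors deliver the fix as a backported package update that leaves `sudo --version` unchanged. Treat an "affected" verdict here as a prompt to confirm the installed package version against the distribution's advisory, not as proof on its own.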
As soon as the Qualys research team confirmed the vulnerability, Qualys followed responsible disclosure and coordinated the announcement with the author of sudo and the open source distributions.
Given the breadth of the attack surface of this vulnerability, Qualys recommends that users patch this vulnerability immediately.
Qualys customers can search the vulnerability knowledge base for CVE-2021-3156 to identify all QIDs and assets that are vulnerable to this vulnerability.