Researchers at Qualys have reported a critical buffer overflow vulnerability in sudo that attackers can exploit to gain control of a Linux host. The developers have already released the corresponding patch, users just have to install it.

The sudo program is used to administer UNIX systems. It can be used to grant elevated privileges to any user or to execute commands as root and other users.

The bug found by Qualys specialists received the identifier CVE-2021-3156. Its danger lies in the fact that any local user could gain root access on a vulnerable host with a default configuration. According to the researchers, the following versions of sudo are affected: 1.8.2 to 1.8.31p2, 1.9.0 to 1.9.5p1. The vulnerability has existed in Sudo since July 2011 and affects all versions of the utility over the past ten years.

The CVE-2021-3156 vulnerability is currently fixed in sudo version 1.9.5p2.

Source: anti-malware.ru