7.8
CVE-2021-3156
- EPSS 99.3%
- Veröffentlicht 26.01.2021 21:15:12
- Zuletzt bearbeitet 10.11.2025 14:41:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sudo Project ≫ Sudo Version >= 1.8.2 < 1.8.32
Sudo Project ≫ Sudo Version >= 1.9.0 < 1.9.5
Sudo Project ≫ Sudo Version1.9.5 Update-
Sudo Project ≫ Sudo Version1.9.5 Updatepatch1
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Cloud Backup Version-
Netapp ≫ Hci Management Node Version-
Netapp ≫ Oncommand Unified Manager Core Package Version-
Netapp ≫ Ontap Select Deploy Administration Utility Version-
Netapp ≫ Ontap Tools Version9 SwPlatformvmware_vsphere
Mcafee ≫ Web Gateway Version8.2.17
Mcafee ≫ Web Gateway Version9.2.8
Mcafee ≫ Web Gateway Version10.0.4
Synology ≫ Diskstation Manager Unified Controller Version3.0
Synology ≫ Diskstation Manager Version6.2
Synology ≫ Skynas Firmware Version-
Synology ≫ Vs960hd Firmware Version-
Beyondtrust ≫ Privilege Management For Mac Version < 21.1.1
Oracle ≫ Micros Compact Workstation 3 Firmware Version310
Oracle ≫ Micros Es400 Firmware Version >= 400 <= 410
Oracle ≫ Micros Kitchen Display System Firmware Version210
Oracle ≫ Micros Workstation 5a Firmware Version5a
Oracle ≫ Micros Workstation 6 Firmware Version >= 610 <= 655
Oracle ≫ Communications Performance Intelligence Center Version >= 10.3.0.0.0 <= 10.3.0.2.1
Oracle ≫ Communications Performance Intelligence Center Version >= 10.4.0.1.0 <= 10.4.0.3.1
Oracle ≫ Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1
06.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Sudo Heap-Based Buffer Overflow Vulnerability
SchwachstelleSudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 99.3% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://security.gentoo.org/glsa/202101-33
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2021/Feb/42
http://seclists.org/fulldisclosure/2021/Jan/79
http://seclists.org/fulldisclosure/2024/Feb/3
http://www.openwall.com/lists/oss-security/2021/01/26/3
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://www.openwall.com/lists/oss-security/2021/02/15/1
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://www.openwall.com/lists/oss-security/2024/01/30/8
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
https://support.apple.com/kb/HT212177
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
https://www.debian.org/security/2021/dsa-4839
https://www.kb.cert.org/vuls/id/794544
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/stable.html#1.9.5p2
https://www.synology.com/security/advisory/Synology_SA_21_02
https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156