Rewterz Threat Advisory – CVE-2020-9492 – Apache Hadoop privilege escalation
January 27, 2021Rewterz Threat Alert – DanaBot Malware Makes a Return
January 27, 2021Rewterz Threat Advisory – CVE-2020-9492 – Apache Hadoop privilege escalation
January 27, 2021Rewterz Threat Alert – DanaBot Malware Makes a Return
January 27, 2021Severity
High
Analysis summary
CVE-2021-3156
Sudo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing command line arguments. By sending an “sudoedit -s” and a command-line argument that ends with a single backslash character, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
Impact
Privileges escalation
Affected Vendors
Linux
Affected Products
1.9.0 to 1.9.5p1
Remediation
Upgrade to the latest version of Sudo (1.9.5p2 or later).