Vulnerabilites related to beyondtrust - privilege_management_for_unix\/linux
cve-2021-3156
Vulnerability from cvelistv5
Published
2021-01-26 00:00
Modified
2025-02-03 16:17
Severity ?
EPSS score ?
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:45:51.408Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html", }, { name: "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Jan/79", }, { name: "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/01/26/3", }, { name: "GLSA-202101-33", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-33", }, { name: "DSA-4839", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4839", }, { name: "FEDORA-2021-2cb63d912a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/", }, { name: "FEDORA-2021-8840cbdccd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/", }, { name: "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/1", }, { name: "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/2", }, { name: "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM", }, { name: "VU#794544", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/794544", }, { name: "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Feb/42", }, { name: "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/15/1", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.sudo.ws/stable.html#1.9.5p2", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/01/26/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210128-0002/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210128-0001/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT212177", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10348", }, { tags: [ "x_transferred", ], url: "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", }, { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_21_02", }, { name: "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/8", }, { name: "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/6", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", }, { name: "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Feb/3", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-3156", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T15:43:52.658146Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-04-06", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-3156", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-193", description: "CWE-193 Off-by-one Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T16:17:09.060Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-18T16:41:27.031Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html", }, { name: "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2021/Jan/79", }, { name: "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/01/26/3", }, { name: "GLSA-202101-33", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202101-33", }, { name: "DSA-4839", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4839", }, { name: "FEDORA-2021-2cb63d912a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/", }, { name: "FEDORA-2021-8840cbdccd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/", }, { name: "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/1", }, { name: "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/2", }, { name: "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM", }, { name: "VU#794544", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/794544", }, { name: "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2021/Feb/42", }, { name: "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/02/15/1", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.sudo.ws/stable.html#1.9.5p2", }, { url: "https://www.openwall.com/lists/oss-security/2021/01/26/3", }, { url: "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html", }, { url: "https://security.netapp.com/advisory/ntap-20210128-0002/", }, { url: "https://security.netapp.com/advisory/ntap-20210128-0001/", }, { url: "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html", }, { url: "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", }, { url: "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", }, { url: "https://support.apple.com/kb/HT212177", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10348", }, { url: "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", }, { url: "https://www.synology.com/security/advisory/Synology_SA_21_02", }, { name: "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/8", }, { name: "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/6", }, { url: "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", }, { name: "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Feb/3", }, { url: "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-3156", datePublished: "2021-01-26T00:00:00.000Z", dateReserved: "2021-01-15T00:00:00.000Z", dateUpdated: "2025-02-03T16:17:09.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-01-26 21:15
Modified
2025-04-03 19:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
Impacted products
{ cisaActionDue: "2022-04-27", cisaExploitAdd: "2022-04-06", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Sudo Heap-Based Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", matchCriteriaId: "ED707F57-531B-4066-AFF0-7239F87B6BF5", versionEndExcluding: "1.8.32", versionStartIncluding: "1.8.2", vulnerable: true, }, { criteria: "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", matchCriteriaId: "38FC37F7-DE89-4078-BB55-EBFBF3A2D780", versionEndExcluding: "1.9.5", versionStartIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:*", matchCriteriaId: "436F3F62-FBA8-44CB-A5A9-AA4D7E0F9A09", vulnerable: true, }, { criteria: "cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:*", matchCriteriaId: "3C21138F-EB70-4AAE-9F45-C75CCE59BA89", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", matchCriteriaId: "0A4D418D-B526-46B9-B439-E1963BF88C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*", matchCriteriaId: "D2039589-B543-49B6-AC5F-74C4253B416D", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:*", matchCriteriaId: "1E014E1E-0013-434F-9C59-178DAC089687", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3CE836FD-3453-4277-BC18-A4868C183F42", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*", matchCriteriaId: "DA272C48-259B-4402-BB75-552B6983CD43", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", matchCriteriaId: "D9685B12-824F-42AD-B87C-6E7A78BB7FA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53EF087B-D7E9-4F9A-803A-B0260C495C67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*", matchCriteriaId: "D0A88A76-CF8A-4D29-B480-E5317219072D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3D0C5120-B961-440F-B454-584BC54B549C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", matchCriteriaId: "1CCBDFF9-AF42-4681-879B-CF789EBAD130", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*", matchCriteriaId: "38A18800-4BB0-46A1-BD9D-78EC7A07E7B9", versionEndExcluding: "21.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:beyondtrust:privilege_management_for_unix\\/linux:*:*:*:*:basic:*:*:*", matchCriteriaId: "48DC5B58-0E31-480E-BF05-787287DFF42B", versionEndExcluding: "10.3.2-10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:micros_compact_workstation_3_firmware:310:*:*:*:*:*:*:*", matchCriteriaId: "1CE3FF32-E472-4E90-9DE5-803AD6FD9E27", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:micros_compact_workstation_3:-:*:*:*:*:*:*:*", matchCriteriaId: "7DA4F0AD-B8A4-4EB9-A220-FEEC9B147D3C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:micros_es400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9AA5297B-05DF-4A23-B684-60F2107339B0", versionEndIncluding: "410", versionStartIncluding: "400", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:micros_es400:-:*:*:*:*:*:*:*", matchCriteriaId: "A2BBD07A-4731-41D1-AB66-77082951D99C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:micros_kitchen_display_system_firmware:210:*:*:*:*:*:*:*", matchCriteriaId: "57E6A365-F04F-4991-888F-D8E9391A9857", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:micros_kitchen_display_system:-:*:*:*:*:*:*:*", matchCriteriaId: "D1424AF8-9337-427B-B6FA-C5EB8B201FB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:micros_workstation_5a_firmware:5a:*:*:*:*:*:*:*", matchCriteriaId: "C78FDD3A-F241-4172-8725-7D51D8E705E7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:micros_workstation_5a:-:*:*:*:*:*:*:*", matchCriteriaId: "F607BA3F-246F-42BE-9EBD-A2CAE098C0C2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:micros_workstation_6_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D59535D6-8D64-4B8F-BC1B-5846600C9F81", versionEndIncluding: "655", versionStartIncluding: "610", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:micros_workstation_6:-:*:*:*:*:*:*:*", matchCriteriaId: "82A66154-5DF0-43FF-9F70-1221D3E6F919", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", matchCriteriaId: "977CA754-6CE0-4FCB-9683-D81B7A15449D", versionEndIncluding: "10.3.0.2.1", versionStartIncluding: "10.3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", matchCriteriaId: "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", versionEndIncluding: "10.4.0.3.1", versionStartIncluding: "10.4.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", matchCriteriaId: "26F05F85-7458-4C8F-B93F-93C92E506A40", versionEndIncluding: "7.7.1", versionStartIncluding: "7.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.", }, { lang: "es", value: "Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de \"sudoedit -s\" y un argumento de línea de comandos que termina con un solo carácter de barra invertida", }, ], id: "CVE-2021-3156", lastModified: "2025-04-03T19:47:48.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-01-26T21:15:12.987", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Feb/42", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jan/79", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Feb/3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/26/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/15/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/8", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10348", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-33", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210128-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210128-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212177", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4839", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/794544", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/01/26/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.sudo.ws/stable.html#1.9.5p2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_21_02", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Feb/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jan/79", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Feb/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/26/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/01/27/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/15/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/30/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210128-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210128-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/794544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/01/26/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.sudo.ws/stable.html#1.9.5p2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_21_02", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-193", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }