wid-sec-w-2023-0066
Vulnerability from csaf_certbund
Published
2021-01-26 23:00
Modified
2023-06-29 22:00
Summary
sudo: Schwachstelle ermöglicht Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Sudo ist ein Linux System Werkzeug um Befehle unter anderem Benutzernamen/Gruppennamen (UID/GID) auszuführen.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in sudo ausnutzen, um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- UNIX - Linux - MacOS X - Hardware Appliance



{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Sudo ist ein Linux System Werkzeug um Befehle unter anderem Benutzernamen/Gruppennamen (UID/GID) auszuf\u00fchren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in sudo ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0066 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0066.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0066 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0066"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0928-1 vom 2021-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008540.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2021-0012 vom 2021-06-03",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-June/001015.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9169 vom 2021-04-15",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9169.html"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory MBGSA-2021.02 vom 2021-04-20",
        "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory",
        "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1267-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008659.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1275-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008661.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1274-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008662.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1273-1 vom 2021-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008663.html"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-Liste vom 2021-01-26",
        "url": "https://seclists.org/oss-sec/2021/q1/71"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0218 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0218"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0219 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0219"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0220 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0220"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0221 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0221"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0222 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0222"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0223 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0223"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0224 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0224"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0225 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0225"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0226 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0226"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0227 vom 2021-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:0227"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4705 vom 2021-01-26",
        "url": "https://ubuntu.com/security/notices/USN-4705-1"
      },
      {
        "category": "external",
        "summary": "Oracle Security Announcement ELSA-2021-0221 vom 2021-01-26",
        "url": "http://linux.oracle.com/errata/ELSA-2021-0221.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Announcement DLA 2534-1 vom 2021-01-26",
        "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0225-1 vom 2021-01-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008251.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Announcement DSA-4839 vom 2021-01-26",
        "url": "https://www.debian.org/security/2021/dsa-4839"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0226-1 vom 2021-01-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008250.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0227-1 vom 2021-01-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008250.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Announcement ASA-202101-25 vom 2021-01-26",
        "url": "https://security.archlinux.org/ASA-202101-25"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Announcement GLSA 202101-33 vom 2021-01-26",
        "url": "https://security.gentoo.org/glsa/202101-33"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4705-2 vom 2021-01-27",
        "url": "https://usn.ubuntu.com/4705-2"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-21-02 vom 2021-01-28",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-21-02"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9019 vom 2021-01-27",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0232-1 vom 2021-01-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008252.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-0218 vom 2021-01-27",
        "url": "http://linux.oracle.com/errata/ELSA-2021-0218.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2021-0003 vom 2021-01-28",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-January/001009.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory CISCO-SA-SUDO-PRIVESC-JAN2021-QNYQFCM vom 2021-01-29",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
      },
      {
        "category": "external",
        "summary": "Tweet @hackerfantastic vom 2021-02-02",
        "url": "https://twitter.com/hackerfantastic/status/1356645638151303169"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0395 vom 2021-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2021:0395"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0401 vom 2021-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2021:0401"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1590 vom 2021-02-03",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1590.html"
      },
      {
        "category": "external",
        "summary": "Unify Security Advisory Report OBSO-2102-01 vom 2021-02-04",
        "url": "https://networks.unify.com/security/advisories/OBSO-2102-01.pdf"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory CISCO-SA-SUDO-PRIVESC-JAN2021-QNYQFCM vom 2021-02-05",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-008 vom 2021-02-04",
        "url": "https://downloads.avaya.com/css/P8/documents/101073903"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-007 vom 2021-02-04",
        "url": "https://downloads.avaya.com/css/P8/documents/101073902"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory HT212177 vom 2021-02-09",
        "url": "https://support.apple.com/en-us/HT212177"
      },
      {
        "category": "external",
        "summary": "McAfee Security Bulletin SB10348 vom 2021-02-18",
        "url": "http://www.auscert.org.au/bulletins/ESB-2021.0609"
      },
      {
        "category": "external",
        "summary": "McAfee Security Bulletin SB10348 vom 2021-02-18 vom 2021-02-18",
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
      },
      {
        "category": "external",
        "summary": "Synology Security Advisory SYNOLOGY-SA-21:02 vom 2021-02-22",
        "url": "https://www.synology.com/en-global/support/security/Synology_SA_21_02"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04095en_us"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2021-114 vom 2021-06-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000187723/dsa-2021-114-dell-emc-networker-vproxy-security-update-for-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA70182 vom 2023-01-12",
        "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
      }
    ],
    "source_lang": "en-US",
    "title": "sudo: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2023-06-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:41:10.850+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0066",
      "initial_release_date": "2021-01-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-01-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-01-27T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu, QNAP, Oracle Linux und SUSE aufgenommen"
        },
        {
          "date": "2021-01-28T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2021-01-31T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Cisco aufgenommen"
        },
        {
          "date": "2021-02-01T23:00:00.000+00:00",
          "number": "5",
          "summary": "Produkte angepasst"
        },
        {
          "date": "2021-02-02T23:00:00.000+00:00",
          "number": "6",
          "summary": "Apple macOS und IBM AIX ebenfalls betroffen, derzeit kein Patch"
        },
        {
          "date": "2021-02-03T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat und Amazon aufgenommen"
        },
        {
          "date": "2021-02-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Unify aufgenommen"
        },
        {
          "date": "2021-02-07T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Informationen von Cisco aufgenommen - FXOS nicht betroffen"
        },
        {
          "date": "2021-02-08T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-02-09T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Apple aufgenommen"
        },
        {
          "date": "2021-02-18T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von McAfee aufgenommen"
        },
        {
          "date": "2021-02-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Synology aufgenommen"
        },
        {
          "date": "2021-03-01T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2021-03-24T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-04-15T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-04-19T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2021-04-20T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-06-01T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2021-06-03T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2023-01-11T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "22"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Apple macOS",
            "product": {
              "name": "Apple macOS",
              "product_id": "697",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:mac_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya one-X",
            "product": {
              "name": "Avaya one-X",
              "product_id": "1024",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:one-x:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cisco Nexus 3000",
                "product": {
                  "name": "Cisco Nexus 3000",
                  "product_id": "T003851",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:nexus:3000"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Cisco Nexus 9000",
                "product": {
                  "name": "Cisco Nexus 9000",
                  "product_id": "T003853",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:nexus:9000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nexus"
          },
          {
            "category": "product_name",
            "name": "Cisco Prime Collaboration",
            "product": {
              "name": "Cisco Prime Collaboration",
              "product_id": "190829",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:prime_collaboration:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC NetWorker \u003c 19.4.0.2",
            "product": {
              "name": "EMC NetWorker \u003c 19.4.0.2",
              "product_id": "T019366",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:networker:19.4.0.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM AIX",
            "product": {
              "name": "IBM AIX",
              "product_id": "5094",
              "product_identification_helper": {
                "cpe": "cpe:/o:ibm:aix:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper Contrail Service Orchestration",
            "product": {
              "name": "Juniper Contrail Service Orchestration",
              "product_id": "T025794",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:contrail_service_orchestration:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "McAfee Web Gateway",
            "product": {
              "name": "McAfee Web Gateway",
              "product_id": "T003324",
              "product_identification_helper": {
                "cpe": "cpe:/a:mcafee:web_gateway:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "McAfee"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Meinberg LANTIME",
            "product": {
              "name": "Meinberg LANTIME",
              "product_id": "T018353",
              "product_identification_helper": {
                "cpe": "cpe:/h:meinberg:lantime:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source sudo \u003c 1.9.5_p2",
            "product": {
              "name": "Open Source sudo \u003c 1.9.5_p2",
              "product_id": "T018177",
              "product_identification_helper": {
                "cpe": "cpe:/a:todd_miller:sudo:1.9.5_p2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "QNAP NAS",
            "product": {
              "name": "QNAP NAS",
              "product_id": "T017100",
              "product_identification_helper": {
                "cpe": "cpe:/h:qnap:nas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "T015361",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Synology DiskStation Manager",
            "product": {
              "name": "Synology DiskStation Manager",
              "product_id": "450918",
              "product_identification_helper": {
                "cpe": "cpe:/a:synology:diskstation_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Synology"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Unify OpenScape Branch",
            "product": {
              "name": "Unify OpenScape Branch",
              "product_id": "T018258",
              "product_identification_helper": {
                "cpe": "cpe:/h:unify:openscape_branch:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape Business",
            "product": {
              "name": "Unify OpenScape Business",
              "product_id": "T016636",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_business:v2r7.1.1_037"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape Common Management Platform",
            "product": {
              "name": "Unify OpenScape Common Management Platform",
              "product_id": "T018017",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_common_management_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape Mediaserver",
            "product": {
              "name": "Unify OpenScape Mediaserver",
              "product_id": "T018253",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_mediaserver:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape SBC",
            "product": {
              "name": "Unify OpenScape SBC",
              "product_id": "T008874",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_sbc:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape UC Application",
            "product": {
              "name": "Unify OpenScape UC Application",
              "product_id": "T015712",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_uc_application:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape Voice",
            "product": {
              "name": "Unify OpenScape Voice",
              "product_id": "T008873",
              "product_identification_helper": {
                "cpe": "cpe:/a:unify:openscape_voice:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Unify OpenScape Xpert",
            "product": {
              "name": "Unify OpenScape Xpert",
              "product_id": "T018014",
              "product_identification_helper": {
                "cpe": "cpe:/h:unify:openscape_xpert:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Unify"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3156",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in sudo, welche auf einen heap-basierten Puffer\u00fcberlauf zur\u00fcckzuf\u00fchren ist. Die Schwachstelle tritt bei dem Verarbeiten von Kommandozeilen-Argumenten auf. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte auf \"Root\" zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008873",
          "T008874",
          "T003324",
          "T016636",
          "T004914",
          "450918",
          "T015361",
          "697",
          "398363",
          "T025794",
          "190829",
          "T011119",
          "T015519",
          "T003851",
          "T015516",
          "T003853",
          "T015712",
          "T013312",
          "T018253",
          "5094",
          "T018353",
          "T017100",
          "T018014",
          "T018258",
          "T018017",
          "T002207",
          "1024",
          "T000126",
          "5104"
        ]
      },
      "release_date": "2021-01-26T23:00:00.000+00:00",
      "title": "CVE-2021-3156"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.