{"id":975,"date":"2021-03-17T12:26:08","date_gmt":"2021-03-17T12:26:08","guid":{"rendered":"https:\/\/www.velaninfo.com\/rs\/?post_type=techtips&#038;p=975"},"modified":"2021-03-17T13:32:51","modified_gmt":"2021-03-17T13:32:51","slug":"fix-vulnerabilities-in-sudo-package","status":"publish","type":"techtips","link":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/","title":{"rendered":"How to fix vulnerabilities in sudo package?"},"content":{"rendered":"<p>The research team at Qualys, a provider of cloud security, compliance and related services, has discovered an overflow vulnerability in sudo. This vulnerability has been hiding for nearly 10 years. The bug allows any local user to gain root access without authentication (the user\u2019s password is not required).<\/p>\n<p>The two vulnerabilities identified are:<\/p>\n<ul>\n<li>A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)<\/li>\n<li>A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. 
(CVE-2021-23239)<\/li>\n<\/ul>\n<p>Different variants of the exploit have obtained full root privileges on Ubuntu 20.04 (sudo 1.8.31), Debian 10 (sudo 1.8.27) and Fedora 33 (sudo 1.9.2).<\/p>\n<p>It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.<\/p>\n<p>RHEL, Amazon Linux and other Linux distributions are also affected and were unpatched.<\/p>\n<p><strong>Solution:<\/strong><\/p>\n<p>The vulnerabilities can be fixed by updating the packages to a secure version.<\/p>\n<p><strong>Ubuntu \/ Debian<\/strong> (Ubuntu version 16.04\/18.04\/20.04 LTS and 20.10)<\/p>\n<p># sudo apt update<\/p>\n<p># sudo apt upgrade<\/p>\n<p>OR<\/p>\n<p># sudo apt install sudo<\/p>\n<p># sudo --version<\/p>\n<p><strong>Arch Linux<\/strong><\/p>\n<p># sudo pacman -Syu<\/p>\n<p><strong>Red Hat Enterprise Linux 8.x-7.x and CentOS and Fedora Linux<\/strong><\/p>\n<p># dnf update<\/p>\n<p>OR<\/p>\n<p># yum update<\/p>\n<p><strong>Suse and OpenSUSE Linux:<\/strong><\/p>\n<p># sudo zypper lp -a | grep -i sudo<\/p>\n<p># sudo zypper up<\/p>\n<p>At <strong>Velan<\/strong>, our server support engineers can help you resolve server vulnerabilities by hardening the server. We troubleshoot problems like these for our clients every day. If you are interested in our service, please fill the Quick connect form to <a href=\"https:\/\/www.velaninfo.com\/contact\"><strong>get in touch with us<\/strong><\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The research team at Qualys, a provider of cloud security, compliance and related services, has discovered an overflow vulnerability in sudo. This vulnerability has been hiding for nearly 10 years. The bug allows any local user to gain root access without authentication (the user\u2019s password is not required). 
The two vulnerabilities identified are A local attacker could possibly use this issue&#8230;<a class=\"continue-reading text-uppercase\" href=\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\"> Continue Reading <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.velaninfo.com\/rs\/wp-content\/themes\/velaninfo\/images\/reading_arw.png\" alt=\"Continue Reading\" width=\"16\" height=\"12\"\/><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"tags":[],"class_list":["post-975","techtips","type-techtips","status-publish","hentry","Categories_tech_tip-linux","Categories_tech_tip-server"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v19.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to fix vulnerabilities in sudo package | Velan<\/title>\n<meta name=\"description\" content=\"Steps to fix sudo package vulnerabilities\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to fix vulnerabilities in sudo package?\" \/>\n<meta property=\"og:description\" content=\"Steps to fix sudo package vulnerabilities\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\" \/>\n<meta property=\"og:site_name\" content=\"Velan\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-17T13:32:51+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\",\"url\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\",\"name\":\"How to fix vulnerabilities in sudo package | Velan\",\"isPartOf\":{\"@id\":\"https:\/\/www.velaninfo.com\/rs\/#website\"},\"datePublished\":\"2021-03-17T12:26:08+00:00\",\"dateModified\":\"2021-03-17T13:32:51+00:00\",\"description\":\"Steps to fix sudo package vulnerabilities\",\"breadcrumb\":{\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.velaninfo.com\/rs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tech Tips\",\"item\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to fix vulnerabilities in sudo package?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/#website\",\"url\":\"https:\/\/www.velaninfo.com\/rs\/\",\"name\":\"Velan\",\"description\":\"Velaninfo Services India Pvt Ltd\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.velaninfo.com\/rs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast 
SEO Premium plugin. -->","yoast_head_json":{"title":"How to fix vulnerabilities in sudo package | Velan","description":"Steps to fix sudo package vulnerabilities","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/","og_locale":"en_US","og_type":"article","og_title":"How to fix vulnerabilities in sudo package?","og_description":"Steps to fix sudo package vulnerabilities","og_url":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/","og_site_name":"Velan","article_modified_time":"2021-03-17T13:32:51+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/","url":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/","name":"How to fix vulnerabilities in sudo package | Velan","isPartOf":{"@id":"https:\/\/www.velaninfo.com\/rs\/#website"},"datePublished":"2021-03-17T12:26:08+00:00","dateModified":"2021-03-17T13:32:51+00:00","description":"Steps to fix sudo package vulnerabilities","breadcrumb":{"@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/fix-vulnerabilities-in-sudo-package\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.velaninfo.com\/rs\/"},{"@type":"ListItem","position":2,"name":"Tech 
Tips","item":"https:\/\/www.velaninfo.com\/rs\/techtips\/"},{"@type":"ListItem","position":3,"name":"How to fix vulnerabilities in sudo package?"}]},{"@type":"WebSite","@id":"https:\/\/www.velaninfo.com\/rs\/#website","url":"https:\/\/www.velaninfo.com\/rs\/","name":"Velan","description":"Velaninfo Services India Pvt Ltd","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.velaninfo.com\/rs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips"}],"about":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/types\/techtips"}],"author":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/comments?post=975"}],"version-history":[{"count":2,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/975\/revisions"}],"predecessor-version":[{"id":977,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/975\/revisions\/977"}],"wp:attachment":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/media?parent=975"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/tags?post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}