The research team at Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, has discovered a major vulnerability in Sudo (Super User Do). Sudo is a very popular utility available on the major Unix-like operating systems that allows users to run programs with the security privileges of another user (usually the administrator, or root user) in a controlled way, effectively acting as superusers.
The researchers revealed that by exploiting this vulnerability, any unprivileged user could gain administrator privileges on a Linux platform running a default Sudo configuration. Qualys researchers independently validated this vulnerability and developed multiple variants of the exploit, gaining full administrator privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2). According to Qualys experts, other operating systems and distributions are likely exploitable as well.
“This vulnerability, identified as CVE-2021-3156 / Baron Samedit, is perhaps the most prominent Sudo vulnerability in recent memory (in terms of both scope and impact) and has been hidden from our knowledge for nearly a decade,” said Mehul Revankar, Qualys vice president of product management and engineering. “This is a very popular utility on modern Unix-like systems and is available by default on most of these systems, so there are probably millions of resources that are susceptible to this vulnerability. Sudo has created a patch and security teams should apply it immediately.”
Update February 2021
Apple's macOS Big Sur 11.2.1 update fixes this Sudo vulnerability, which allowed an attacker to gain root access on a Mac.