This Linux sudo vulnerability is a nasty one: any user who can log in to the local machine may be able to obtain root privileges.
- Affected sudo versions
- Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 are affected.
CVE-2021-3156 Sudo security vulnerability
The scope of this one is wide; details below:
- CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
- The following is excerpted from this post: Buffer overflow in command line unescaping
- A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
On Debian (stretch or buster) and Ubuntu, a current release should be fixed by simply running apt update && apt upgrade.
I won't record package versions here; distributions backport the fix, so the version string alone is not a reliable indicator. Instead, here is how to verify that the problem is actually fixed.
How to verify whether sudo is vulnerable (vulnerable)
Below are a few different verification methods.
Log in as a regular, non-root account and run the following commands:
- $ sudoedit -s '\' `perl -e 'print "A" x 65536'`
- vulnerable: the result is Segmentation fault (the oversized argument overflows the heap buffer in the unescaping code; any crash here means the bug is present)
- patched: usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...
- $ sudoedit -s /
- vulnerable: sudoedit: /: not a regular file
- patched: usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...
The second test is the safer one to run: it does not crash anything and needs no password, because a patched sudoedit rejects the -s (shell) option outright and prints its usage before doing any work, whereas a vulnerable sudoedit accepts -s and gets as far as checking the file argument.
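The two probes above, wrapped in a small script so they can be run on a fleet of hosts and their results compared consistently. This is an added example, not code from the original post or from the sudo project; the function and option names (classify_probe, probe_sudoedit, --probe) are my own, and the sample outputs in the usage note are constructed to match the expected results listed above.

```bash
#!/bin/bash
# Added example: classify the outcome of the CVE-2021-3156 sudoedit probes.
# classify_probe works on captured text and an exit code, so it can also be
# applied to output collected elsewhere; probe_sudoedit runs the live checks
# and must be executed as a non-root user.

# classify_probe OUTPUT EXIT_CODE
# Prints one of: vulnerable, patched, unknown.
classify_probe() {
    out="$1"
    rc="$2"
    case "$out" in
        *"not a regular file"*)
            # sudoedit accepted -s and got as far as inspecting the file:
            # the unpatched code path is present.
            echo vulnerable; return 0 ;;
        *"usage: sudoedit"*)
            # A patched sudoedit rejects -s before doing anything else.
            echo patched; return 0 ;;
    esac
    # Exit status > 128 means the process was killed by a signal
    # (139 = SIGSEGV). A patched sudoedit never reaches the buffer
    # handling, so any crash indicates the bug is present.
    if [ "$rc" -gt 128 ]; then
        echo vulnerable; return 0
    fi
    echo unknown
}

# probe_sudoedit: run both checks from the post and print the verdict of each.
# Returns 2 if the preconditions are not met.
probe_sudoedit() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "run this as a non-root user" >&2
        return 2
    fi
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "sudoedit not found: unknown"
        return 2
    fi

    # Check 1 (non-destructive): sudoedit -s /
    out=$(sudoedit -s / 2>&1)
    rc=$?
    echo "sudoedit -s /            : $(classify_probe "$out" "$rc")"

    # Check 2 (crashes a vulnerable sudoedit): 64 KiB of 'A' after '\'.
    # head/tr replace the perl one-liner so perl is not required.
    payload=$(head -c 65536 /dev/zero | tr '\0' 'A')
    out=$(sudoedit -s '\' "$payload" 2>&1)
    rc=$?
    echo "sudoedit -s '\\' AAAA...  : $(classify_probe "$out" "$rc")"
}

# Only run the live probes when explicitly asked, so the functions can be
# sourced and used on their own.
case "${1:-}" in
    --probe) probe_sudoedit ;;
esac
```

Run it as `bash check-sudo.sh --probe` from an unprivileged account. On a patched host both lines report "patched"; on an unpatched host the first reports "vulnerable" from the "not a regular file" message and the second from the crash exit status. Anything that prints "unknown" (for example a sudoedit built with different usage text) should be examined by hand rather than assumed safe.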