CVE - CVE-2021-3156

CVE-ID
CVE-2021-3156	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CERT-VN:VU#794544 URL:https://www.kb.cert.org/vuls/id/794544 CISCO:20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021 URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10348 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10348 CONFIRM:https://security.netapp.com/advisory/ntap-20210128-0001/ URL:https://security.netapp.com/advisory/ntap-20210128-0001/ CONFIRM:https://security.netapp.com/advisory/ntap-20210128-0002/ URL:https://security.netapp.com/advisory/ntap-20210128-0002/ CONFIRM:https://support.apple.com/kb/HT212177 URL:https://support.apple.com/kb/HT212177 CONFIRM:https://www.sudo.ws/stable.html#1.9.5p2 URL:https://www.sudo.ws/stable.html#1.9.5p2 CONFIRM:https://www.synology.com/security/advisory/Synology_SA_21_02 URL:https://www.synology.com/security/advisory/Synology_SA_21_02 DEBIAN:DSA-4839 URL:https://www.debian.org/security/2021/dsa-4839 FEDORA:FEDORA-2021-2cb63d912a URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/ FEDORA:FEDORA-2021-8840cbdccd URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/ FULLDISC:20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) URL:http://seclists.org/fulldisclosure/2021/Jan/79 FULLDISC:20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 URL:http://seclists.org/fulldisclosure/2021/Feb/42 FULLDISC:20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() URL:http://seclists.org/fulldisclosure/2024/Feb/3 GENTOO:GLSA-202101-33 URL:https://security.gentoo.org/glsa/202101-33 MISC:http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html MISC:https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156 MISC:http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html URL:http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html MISC:http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html URL:http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html MISC:http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html URL:http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html MISC:http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html URL:http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html MISC:https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability URL:https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability MISC:https://www.openwall.com/lists/oss-security/2021/01/26/3 URL:https://www.openwall.com/lists/oss-security/2021/01/26/3 MISC:https://www.oracle.com//security-alerts/cpujul2021.html URL:https://www.oracle.com//security-alerts/cpujul2021.html MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpuoct2021.html URL:https://www.oracle.com/security-alerts/cpuoct2021.html MLIST:[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html MLIST:[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) URL:http://www.openwall.com/lists/oss-security/2021/01/26/3 MLIST:[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) URL:http://www.openwall.com/lists/oss-security/2021/01/27/1 MLIST:[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) URL:http://www.openwall.com/lists/oss-security/2021/01/27/2 MLIST:[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit URL:http://www.openwall.com/lists/oss-security/2021/02/15/1 MLIST:[oss-security] 20210914 Re: Oracle Solaris membership in the distros list URL:http://www.openwall.com/lists/oss-security/2021/09/14/2 MLIST:[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() URL:http://www.openwall.com/lists/oss-security/2024/01/30/6 MLIST:[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() URL:http://www.openwall.com/lists/oss-security/2024/01/30/8
Assigning CNA
MITRE Corporation
Date Record Created
20210115	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210115)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)