Sergiu Gatlan reported on BleepingComputer about a now-fixed, nearly decade-old sudo bug in Linux: a single malformed command line that handed any local user root privileges.
It is widely held in the tech community that Linux is one of the most secure operating systems around. It can still be compromised, however, when the user, or in this case the administrator, does not keep up with security fixes.
A Now-Fixed Sudo Linux Bug Gave Root Access
In a recent report, Sergiu Gatlan described a now-fixed sudo bug that handed root privileges to ordinary local users, who could then do anything to the system. An attacker needed only a foothold as an unprivileged local account, not a prior break-in as root. The flaw defeats the principle of least privilege that sudo exists to enforce: a local account with no sudo rights at all ends up as root.
The bug lets unprivileged users gain root through sudo (superuser do) without authenticating at all. Sudo is the command that lets an authorised user run commands as root (or as another user) after entering their own password. Root is the account with every privilege on the system; typically the most qualified person, the administrator, holds it.
The Bug Is Formally Known as CVE-2021-3156 [aka Baron Samedit]
Security researchers at Qualys discovered this vulnerability and named it Baron Samedit; its CVE identifier is CVE-2021-3156.
Before going public, Qualys coordinated with sudo’s maintainer and the Linux distribution vendors so that fixed packages were ready on the day of disclosure. Qualys reported the flaw to sudo’s author on January 13, 2021 and published the Baron Samedit advisory on January 26, 2021, the day sudo 1.9.5p2 was released.
Baron Samedit – The Sudo Hack Explained
Baron Samedit lets even unprivileged users trigger a heap-based buffer overflow that occurs, in Gatlan’s words, in “sudo when it incorrectly unescapes backslashes in the arguments,” as his BleepingComputer report puts it. Here is the issue in simple terms.
Exploiting this vulnerability needs nothing more than a local shell as an unprivileged user; the account does not have to appear in the sudoers file. The attacker runs sudoedit with the -s or -i flag and passes an argument that ends in a single backslash. No prior code execution, no kernel module and no password are involved.
“Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i)…However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible,” as the sudo 1.9.5p2 changelog puts it.
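The mechanism described above, worked through in code. This is an added example written for this article, not sudo’s source and not Qualys’s exploit: it reproduces the shape of sudo’s pre-1.9.5p2 unescaping loop inside a harness that keeps the out-of-bounds writes within memory the program owns, runs it on the lone-backslash input, and compares the result with the 1.9.5p2 form of the loop. The names unescape_args, copy_result, SAMPLE_AFTER and the demo_* functions, the packed argument region and the canary space are all inventions of the example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/*
 * Simplified model (not sudo's code) of the backslash-unescaping loop in
 * sudo's set_cmnd() before 1.9.5p2, whose real shape is:
 *
 *     while (*from) {
 *         if (from[0] == '\\' && !isspace((unsigned char)from[1]))
 *             from++;
 *         *to++ = *from++;
 *     }
 *
 * An argument ending in a lone backslash makes from[1] the terminating NUL,
 * which is not a space: from steps onto the NUL, copies it like any other
 * byte, and keeps reading and writing whatever follows the argument in memory
 * until the next NUL. user_args was sized for the arguments alone, so the
 * writes run off the end of the heap allocation.
 *
 * Instrumentation added here (none of it in sudo): arguments are packed into
 * one zero-filled array, like contiguous argv strings; user_args carries
 * CANARY_SIZE spare bytes so the overflow lands in memory we own; the loop
 * stops rather than exhaust them.
 */

#define REGION_SIZE 256
#define CANARY_SIZE 128
#define MAX_ARGS    8

struct copy_result {
    size_t allocated;   /* what sudo malloc()s: sum of strlen(arg) + 1 */
    size_t written;     /* bytes the loop actually stored into user_args */
    int    overflowed;  /* written > allocated */
    char   user_args[REGION_SIZE + CANARY_SIZE];
};

/* Run the loop over args[0..nargs-1]; `after` stands in for the bytes that
 * follow the last argument in memory. fixed != 0 adds the 1.9.5p2 condition
 * from[1] != '\0' (1.9.5p2 also rejects -s/-i for sudoedit altogether). */
struct copy_result unescape_args(const char **args, int nargs,
                                 const char *after, int fixed)
{
    char region[REGION_SIZE] = {0};
    const char *av[MAX_ARGS], *from;
    struct copy_result r = {0};
    size_t off = 0, alen = strlen(after);
    char *to = r.user_args, *limit = r.user_args + sizeof r.user_args - 1;
    int i;

    if (nargs < 1 || nargs > MAX_ARGS) abort();
    /* Lay out "arg0\0arg1\0...\0after\0", leaving a spare NUL at the end. */
    for (i = 0; i < nargs; i++) {
        size_t len = strlen(args[i]) + 1;
        if (off + len + alen + 2 > sizeof region) abort();
        memcpy(region + off, args[i], len);
        av[i] = region + off;
        off += len;
        r.allocated += len;             /* sudo's size computation */
    }
    memcpy(region + off, after, alen + 1);

    for (i = 0; i < nargs && to < limit; i++) {
        for (from = av[i]; *from && to < limit; ) {
            if (from[0] == '\\' && (!fixed || from[1] != '\0') &&
                !isspace((unsigned char)from[1]))
                from++;                 /* drop the escaping backslash */
            *to++ = *from++;
        }
        if (to < limit)
            *to++ = ' ';
    }
    r.written = (size_t)(to - r.user_args);
    *--to = '\0';                       /* sudo turns the last ' ' into NUL */
    r.overflowed = r.written > r.allocated;
    return r;
}

/* Constructed stand-in for the heap bytes that follow argv (not real data). */
#define SAMPLE_AFTER "HEAPDATA_AFTER_ARGV"

/* sudoedit -s '\'   : one argument that is a lone backslash. */
struct copy_result demo_lone_backslash(int fixed)
{
    const char *args[] = { "\\" };
    return unescape_args(args, 1, SAMPLE_AFTER, fixed);
}

/* sudoedit -s '\' AAAA : the next argument's bytes feed the runaway copy,
 * which is how the attacker chooses what gets written past the buffer. */
struct copy_result demo_following_arg(int fixed)
{
    const char *args[] = { "\\", "AAAA" };
    return unescape_args(args, 2, "X", fixed);
}

/* Do the bytes stored at user_args[at..] equal expect? (checking helper) */
int stored_bytes_match(struct copy_result r, size_t at, const char *expect)
{
    return memcmp(r.user_args + at, expect, strlen(expect)) == 0;
}
```

With fixed set to 0, demo_lone_backslash reports an allocation of 2 bytes but 21 bytes written: the copied NUL, then all of SAMPLE_AFTER, then the trailing space. With fixed set to 1 the same input yields exactly 2 bytes and the string "\". demo_following_arg shows why Qualys’s proof of concept passes a long run of A’s after the backslash: in a real process the following argument is what the runaway copy reads, so the attacker decides which bytes land beyond the end of the heap chunk. Input that the sudo front end has escaped for a normal sudo -s run never ends in a lone backslash, so both versions of the loop unescape it identically.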
Qualys Demonstrates the Baron Samedit Vulnerability
To demonstrate how the flaw handed root to unauthorised users, Qualys wrote three CVE-2021-3156 exploits and obtained full root privileges on Debian 10 (sudo 1.8.27), Fedora 33 (sudo 1.9.2) and Ubuntu 20.04 (sudo 1.8.31).
According to Qualys, other distributions and operating systems are likely exploitable as well, but these three are the ones the company confirmed. Qualys’s own advisory on Baron Samedit has the full technical details.
Qualys also released a video explaining the CVE-2021-3156 heap-based buffer overflow.
The sudo vulnerability in Unix-like operating systems allowed local users to gain root privileges without authentication. The heap-based buffer overflow was caused by sudo’s incorrect handling of backslashes in command arguments.
The vulnerability was discovered by Qualys security researchers and named Baron Samedit (CVE-2021-3156). It was fixed in sudo 1.9.5p2, and all administrators running sudo were advised to upgrade immediately. The flaw affected all stable versions from 1.9.0 to 1.9.5p1 and all legacy versions from 1.8.2 to 1.8.31p2. A quick way to tell whether a host is patched, taken from the Qualys advisory, is to run sudoedit -s / as a non-root user: a patched sudo rejects the flag combination with an error beginning “usage:”, whereas a vulnerable one answers with an error beginning “sudoedit:”.
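A small checker for the affected ranges listed above, added here as an example rather than anything from the article or from sudo: it parses the version as sudo -V prints it, orders patch levels correctly (1.9.5 comes before 1.9.5p1, which comes before 1.9.5p2, an order a plain string comparison gets wrong), and reports whether the version falls in 1.8.2 to 1.8.31p2 or 1.9.0 to 1.9.5p1. The function and struct names are the example’s own. One caveat: distributions frequently backport fixes without changing the upstream version number, so a sudo that reports 1.8.31 on Ubuntu 20.04 may already be patched; the sudoedit -s / test from the Qualys advisory is the authoritative check, and this version test is only a first-pass filter for inventories.

```c
#include <stdio.h>
#include <string.h>

/* A sudo version as printed by `sudo -V`: MAJOR.MINOR.PATCH[pLEVEL]. */
struct sudo_version {
    int major, minor, patch, plevel;   /* plevel is 0 when there is no "pN" */
};

/* Parse "1.8.31", "1.9.5p2" or "Sudo version 1.9.5p2". Returns 1 on
 * success, 0 if the string is not of that form. */
int parse_sudo_version(const char *s, struct sudo_version *v)
{
    const char *prefix = "Sudo version ";
    char tail[16] = "";
    int n, used = 0;

    if (strncmp(s, prefix, strlen(prefix)) == 0)
        s += strlen(prefix);
    v->major = v->minor = v->patch = v->plevel = 0;
    n = sscanf(s, "%d.%d.%d%15s", &v->major, &v->minor, &v->patch, tail);
    if (n < 3)
        return 0;
    /* Anything after the third number must be exactly "p<digits>". */
    if (n == 4 &&
        (sscanf(tail, "p%d%n", &v->plevel, &used) != 1 || tail[used] != '\0'))
        return 0;
    return 1;
}

/* Lexicographic order on (major, minor, patch, plevel). */
int cmp_sudo_version(const struct sudo_version *a, const struct sudo_version *b)
{
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->patch != b->patch) return a->patch < b->patch ? -1 : 1;
    if (a->plevel != b->plevel) return a->plevel < b->plevel ? -1 : 1;
    return 0;
}

/* 1 if the version lies in an affected range (legacy 1.8.2..1.8.31p2 or
 * stable 1.9.0..1.9.5p1), 0 if not, -1 if the string cannot be parsed. */
int sudo_version_affected_by_cve_2021_3156(const char *s)
{
    static const struct sudo_version lo18 = {1, 8, 2, 0}, hi18 = {1, 8, 31, 2};
    static const struct sudo_version lo19 = {1, 9, 0, 0}, hi19 = {1, 9, 5, 1};
    struct sudo_version v;

    if (!parse_sudo_version(s, &v))
        return -1;
    if (cmp_sudo_version(&v, &lo18) >= 0 && cmp_sudo_version(&v, &hi18) <= 0)
        return 1;
    if (cmp_sudo_version(&v, &lo19) >= 0 && cmp_sudo_version(&v, &hi19) <= 0)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample strings, including the three builds Qualys tested. */
    const char *samples[] = { "Sudo version 1.8.27", "1.9.2", "1.8.31",
                              "1.8.31p2", "1.9.5p1", "1.9.5p2", "1.8.32", "1.9" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %d\n", samples[i],
               sudo_version_affected_by_cve_2021_3156(samples[i]));
    return 0;
}
```

Feed it the output of sudo -V (first line) from each host; 1 means the upstream version is in an affected range, 0 means it is outside, and -1 means the string did not parse and needs a human look.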