A recent vulnerability tracked as CVE-2021-3156 in Sudo, a powerful utility used on any standard Linux installation, could allow unprivileged local users to gain root privileges on a vulnerable host. This flaw needs no authentication and is based on a heap buffer overflow in Sudo legacy versions 1.8.2 to 1.8.31p2 and all stable versions (1.9.0 to 1.9.5p1).
The vulnerability is also known as “Baron Samedit.” It was discovered in January 2021 by security auditing firm Qualys and fixed at the end of that month with the release of v1.9.5p2.
The researchers developed three exploits for the vulnerability and were able to obtain full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27) and Fedora 33 (Sudo 1.9.2). Other operating systems are likely exploitable, the researchers said.
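To triage hosts against the affected ranges given above, the following added example (not from the original article, Qualys or the Sudo project) parses `sudo -V` output and compares the version, including its `pN` patch level, with those ranges. The function names and sample outputs are constructed for illustration. An in-range result still has to be checked against the distribution's advisory, because vendors backport fixes without changing the upstream version number.

```python
import re

# Affected ranges as stated in the article (inclusive bounds).
AFFECTED_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, plevel) from a Sudo version string.

    A missing 'pN' suffix counts as plevel 0, so 1.9.5 < 1.9.5p1 < 1.9.5p2.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Sudo version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def in_affected_range(version_text):
    """True if the upstream version falls inside one of the article's ranges."""
    v = parse_version(version_text)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(sudo_v_output):
    """Classify the output of `sudo -V` (its first line is 'Sudo version X')."""
    first_line = sudo_v_output.splitlines()[0]
    if in_affected_range(first_line):
        # Upstream version is in range; a vendor backport may still have fixed it.
        return "in affected range: verify against vendor advisory"
    return "outside affected ranges"


# Constructed sample outputs, as collected from a fleet inventory (assumption).
SAMPLE_OUTPUTS = {
    "host-a": "Sudo version 1.8.31\nSudoers policy plugin version 1.8.31\n",
    "host-b": "Sudo version 1.9.5p2\nSudoers policy plugin version 1.9.5p2\n",
    "host-c": "Sudo version 1.9.5p1\nSudoers policy plugin version 1.9.5p1\n",
}

if __name__ == "__main__":
    for host, output in SAMPLE_OUTPUTS.items():
        print(f"{host}: {triage(output)}")
```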
Digging into the details
According to a simple explanation provided by the Sudo team, an attacker who has gained access to a low-privileged account can exploit the Baron Samedit flaw to obtain root privileges, even if the account is not listed in the Sudoers group.
Is a local user required to exploit the vulnerability? Yes. However, this user does not need to be a privileged user or be a part of the