CVE-2021-3156
Published at: 26-01-2021 10:15
Last modified: 03-09-2022 05:40
Total changes: 24
Description
Common Vulnerability Scoring System (CVSS)
Attack complexity: Low
Attack vector: Local
Availability: High
Confidentiality: High
Integrity: High
Privileges required: Low
Scope: Unchanged
User interaction: None
Base score: 7.8
Exploitability score: 1.8
Impact score: 5.9
Verification logic
Reference
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- https://www.sudo.ws/stable.html#1.9.5p2
- [oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) - Exploit, Mailing List, Third Party Advisory
- GLSA-202101-33 - Third Party Advisory
- FEDORA-2021-2cb63d912a - Mailing List, Third Party Advisory
- DSA-4839 - Third Party Advisory
- FEDORA-2021-8840cbdccd - Mailing List, Third Party Advisory
- [oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) - Mailing List, Third Party Advisory
- [oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) - Mailing List, Third Party Advisory
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- https://security.netapp.com/advisory/ntap-20210128-0001/
- https://security.netapp.com/advisory/ntap-20210128-0002/
- 20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021 - Third Party Advisory
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
- VU#794544 - Third Party Advisory, US Government Resource
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
- https://support.apple.com/kb/HT212177
- 20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 - Mailing List, Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348
- [oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit - Exploit, Mailing List, Third Party Advisory
- [debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update - Mailing List, Third Party Advisory
- 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) - Exploit, Mailing List, Third Party Advisory
- https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
- https://www.synology.com/security/advisory/Synology_SA_21_02
- N/A - Patch, Third Party Advisory
- [oss-security] 20210914 Re: Oracle Solaris membership in the distros list - Mailing List, Patch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords