BR +55 11 3069 3925 | USA +1 469 620 7643

The vulnerability of the Sudo APP in Linux

by | Mar 10, 2021 | BLOG

In the late 1960s, AT&T Bell Labs launched Unix, its operating system. The new system, which uses a command-line interface, or CLI, soon became popular in companies around the world for having open source, in addition to allowing easy modification and good portability. Almost three decades later, in 1991, Linus Torvalds, a software engineer at the University of Helsinki, created his own operating system, which he called Linux. The origin of the name of this new system would be exactly the name of its developer associated with the word Unix, on which the Linux kernel is based.

Today, both operating systems are present all over the world, in addition to several types of devices: from embedded systems of automobiles and mobile phones to network devices and web servers. Additionally, Linux-based operating systems have been sought by IT application developers. Many technologies associated with the DevOps universe, such as containers and cloud environments, are built around Linux.

However, along with the growth in its use, the threats associated with Unix and Linux-based operating systems are also greater. According to IBM in its X-Force Threat Intelligence Index report, in 2020 alone, hackers have created 56 categories of viruses for Linux, a 40% increase from 2019. Malicious attackers also take advantage of the growing use of Linux/Unix to discover and exploit vulnerabilities in these systems.

One of the most powerful and fundamental tools for Linux and Unix users is Sudo, or SuperUser DO, and is found in all distributions of these operating systems. And when a vulnerability is found in Sudo, the problem is certainly very critical. That’s because Sudo is a command used to access privileged files and operations on Unix-based operating systems. By default, these operating systems restrict access to certain parts of the system, allowing sensitive files to be compromised by users. Thus, the Sudo command temporarily elevates the user’s privileges, allowing the execution of administrative tasks without the user having to authenticate as an administrator or root. 

In early 2021, Qualys discovered and disclosed another critical vulnerability associated with Linux Sudo. The CVE-2021-3156 heap overflow vulnerability, also known as Baron Samedit, was addressed in the update to Sudo version 1.9.5p2, released in late January. 

CVE-2021-3156, which would have been present in the operating system for at least 10 years, allows a malicious attacker with a common, low-privileged user to gain privileged access, even if their account is not listed in /etc/Sudoers – a configuration file that controls which users have access to the Sudo command. 

To give you an idea, in the last two years, two other vulnerabilities in the Sudo command have been found, but none as serious and dangerous as the discovery by the Qualys’ security team, considering the scope and impact of the newly discovered vulnerability. This is mainly because this vulnerability is found in several Linux-based operating systems and distributions, such as Ubuntu 20.04, Debian 10, and Fedora 33. 

One way to mitigate the risks associated with this vulnerability is to update Sudo on your Linux servers to version 1.9.5p2. Besides, if the Sudo and Sudoedit binaries are not in use, we suggest that they be excluded from the servers. Finally, it is recommended to use senhasegura.go for Linux to control the elevation of privileges on devices.

By using senhasegura.go on devices, one can temporarily elevate user privileges for executing commands and applications, allowing control of the administrative privileges of the credentials managed by the solution. Through a local agent installed on workstations, senhasegura.go allows you to start applications and execute commands by injecting credentials automatically. Other features offered by senhasegura.go include:

  • It is possible to use lists of authorized, blocked, and notified actions for execution;
  • In addition to working on Sudo, senhasegura.go also offers an additional layer of 

security over tools such as ACS, PAM, and SELinux, without the need to update the kernel, acting as LSM (Linux Security Machines);

  • Logging of all actions performed through privileged credentials, bringing maximum visibility to actions performed by users, reducing the effort of auditing privileged activities;
  • Complete integration with the senhasegura PAM platform.

To learn more about how the senhasegura.go solution for Linux can help your organization mitigate the risks associated with elevating privileges on servers, request a demo today.

Top 7 Types of Phishing Attacks and How to Prevent Them

Social engineering, in the context of information security, consists of practices performed by hackers to manipulate users to take actions that go against their interests, exploiting their vulnerability and lack of knowledge for their benefit. One of the main types of...

ISO 27001 – What is the importance of having achieved the certification

The process of digital transformation has intensified in companies of all sizes and industries, and is considered an essential factor for business success. One of the main consequences of this process is the exponential growth in the amount of data from customers,...

Principle of Least Privilege: Understand the Importance of this Concept

Granting administrator access to a user who does not even have time to explain why they need this permission is not an efficient way to solve a company's problems but rather to harm its security.  This is because sensitive data can fall into the wrong hands through a...

How to Prevent DDoS Attacks in Your Company?

There are several methods by which malicious agents attack websites and destabilize network services and resources. One of the most widely used techniques is the DDoS attack, which means distributed denial-of-service. Through this attack, a website ends up becoming...

Gartner and PAM: What Does One of the Most Important Consulting Companies in the World Say About this Cybersecurity Solution?

All of us have already heard of digital transformation at some point. This phenomenon affects companies of all verticals and sizes and has been gaining prominence in the market.  Digital transformation increasingly requires organizational leaders to adapt their...