BR +55 11 3069 3925 | USA +1 469 620 7643

The vulnerability of the Sudo APP in Linux

by | Mar 10, 2021 | BLOG

In the late 1960s, AT&T Bell Labs launched Unix, its operating system. The new system, which uses a command-line interface, or CLI, soon became popular in companies around the world for having open source, in addition to allowing easy modification and good portability. Almost three decades later, in 1991, Linus Torvalds, a software engineer at the University of Helsinki, created his own operating system, which he called Linux. The origin of the name of this new system would be exactly the name of its developer associated with the word Unix, on which the Linux kernel is based.

Today, both operating systems are present all over the world, in addition to several types of devices: from embedded systems of automobiles and mobile phones to network devices and web servers. Additionally, Linux-based operating systems have been sought by IT application developers. Many technologies associated with the DevOps universe, such as containers and cloud environments, are built around Linux.

However, along with the growth in its use, the threats associated with Unix and Linux-based operating systems are also greater. According to IBM in its X-Force Threat Intelligence Index report, in 2020 alone, hackers have created 56 categories of viruses for Linux, a 40% increase from 2019. Malicious attackers also take advantage of the growing use of Linux/Unix to discover and exploit vulnerabilities in these systems.

One of the most powerful and fundamental tools for Linux and Unix users is Sudo, or SuperUser DO, and is found in all distributions of these operating systems. And when a vulnerability is found in Sudo, the problem is certainly very critical. That’s because Sudo is a command used to access privileged files and operations on Unix-based operating systems. By default, these operating systems restrict access to certain parts of the system, allowing sensitive files to be compromised by users. Thus, the Sudo command temporarily elevates the user’s privileges, allowing the execution of administrative tasks without the user having to authenticate as an administrator or root. 

In early 2021, Qualys discovered and disclosed another critical vulnerability associated with Linux Sudo. The CVE-2021-3156 heap overflow vulnerability, also known as Baron Samedit, was addressed in the update to Sudo version 1.9.5p2, released in late January. 

CVE-2021-3156, which would have been present in the operating system for at least 10 years, allows a malicious attacker with a common, low-privileged user to gain privileged access, even if their account is not listed in /etc/Sudoers – a configuration file that controls which users have access to the Sudo command. 

To give you an idea, in the last two years, two other vulnerabilities in the Sudo command have been found, but none as serious and dangerous as the discovery by the Qualys’ security team, considering the scope and impact of the newly discovered vulnerability. This is mainly because this vulnerability is found in several Linux-based operating systems and distributions, such as Ubuntu 20.04, Debian 10, and Fedora 33. 

One way to mitigate the risks associated with this vulnerability is to update Sudo on your Linux servers to version 1.9.5p2. Besides, if the Sudo and Sudoedit binaries are not in use, we suggest that they be excluded from the servers. Finally, it is recommended to use senhasegura.go for Linux to control the elevation of privileges on devices.

By using senhasegura.go on devices, one can temporarily elevate user privileges for executing commands and applications, allowing control of the administrative privileges of the credentials managed by the solution. Through a local agent installed on workstations, senhasegura.go allows you to start applications and execute commands by injecting credentials automatically. Other features offered by senhasegura.go include:

  • It is possible to use lists of authorized, blocked, and notified actions for execution;
  • In addition to working on Sudo, senhasegura.go also offers an additional layer of 

security over tools such as ACS, PAM, and SELinux, without the need to update the kernel, acting as LSM (Linux Security Machines);

  • Logging of all actions performed through privileged credentials, bringing maximum visibility to actions performed by users, reducing the effort of auditing privileged activities;
  • Complete integration with the senhasegura PAM platform.

To learn more about how the senhasegura.go solution for Linux can help your organization mitigate the risks associated with elevating privileges on servers, request a demo today.

Building Digital Manufacturing Through PAM

With the evolution of technology, manufacturing sectors are increasingly digitalized through solutions that optimize the processes carried out in these environments, reducing costs, eliminating human failures, and generating more productivity.  Among the technologies...

Just-In-Time Privileged Access: Understand this Subject

In this article, we present the concept of just-in-time privileged access, its benefits, and mode of operation, among other extremely important information on the subject. To facilitate your reading, we divided our text into topics. They are: What Is Just-In-Time...

What Can I Do to Decrease Cyber Insurance Amounts?

When it comes to information security, the risks to organizations are increasing by several factors. As an example, we can mention the increase in the number of cyberattacks, especially after the Covid-19 pandemic, which accelerated the mass adoption of remote work,...

What are the actions performed during a privileged access

Nowadays, cyber-attacks have become increasingly common and hit more and more companies, of all verticals and sizes. According to the SonicWall 2022 Cyber Threat report, the number of cyberattacks involving data encryption increased by 167% in 2021, reaching 10.4...

Achieving Sarbanes-Oxley (SOX) Compliance Using Cybersecurity Controls

The Sarbanes-Oxley Act (SOX) is primarily associated with business transparency and the use of accounting and financial controls to protect investors from fraudulent financial reporting. However, it is always important to remember the ever-increasing pivotal role...
Copy link