USA +1 855 726 4878  |  BR +55 11 3069 3925 

The vulnerability of the Sudo APP in Linux

by | Mar 10, 2021 | BLOG

In the late 1960s, AT&T Bell Labs launched Unix, its operating system. The new system, which uses a command-line interface, or CLI, soon became popular in companies around the world for having open source, in addition to allowing easy modification and good portability. Almost three decades later, in 1991, Linus Torvalds, a software engineer at the University of Helsinki, created his own operating system, which he called Linux. The origin of the name of this new system would be exactly the name of its developer associated with the word Unix, on which the Linux kernel is based.

Today, both operating systems are present all over the world, in addition to several types of devices: from embedded systems of automobiles and mobile phones to network devices and web servers. Additionally, Linux-based operating systems have been sought by IT application developers. Many technologies associated with the DevOps universe, such as containers and cloud environments, are built around Linux.

However, along with the growth in its use, the threats associated with Unix and Linux-based operating systems are also greater. According to IBM in its X-Force Threat Intelligence Index report, in 2020 alone, hackers have created 56 categories of viruses for Linux, a 40% increase from 2019. Malicious attackers also take advantage of the growing use of Linux/Unix to discover and exploit vulnerabilities in these systems.

One of the most powerful and fundamental tools for Linux and Unix users is Sudo, or SuperUser DO, and is found in all distributions of these operating systems. And when a vulnerability is found in Sudo, the problem is certainly very critical. That’s because Sudo is a command used to access privileged files and operations on Unix-based operating systems. By default, these operating systems restrict access to certain parts of the system, allowing sensitive files to be compromised by users. Thus, the Sudo command temporarily elevates the user’s privileges, allowing the execution of administrative tasks without the user having to authenticate as an administrator or root. 

In early 2021, Qualys discovered and disclosed another critical vulnerability associated with Linux Sudo. The CVE-2021-3156 heap overflow vulnerability, also known as Baron Samedit, was addressed in the update to Sudo version 1.9.5p2, released in late January. 

CVE-2021-3156, which would have been present in the operating system for at least 10 years, allows a malicious attacker with a common, low-privileged user to gain privileged access, even if their account is not listed in /etc/Sudoers – a configuration file that controls which users have access to the Sudo command. 

To give you an idea, in the last two years, two other vulnerabilities in the Sudo command have been found, but none as serious and dangerous as the discovery by the Qualys’ security team, considering the scope and impact of the newly discovered vulnerability. This is mainly because this vulnerability is found in several Linux-based operating systems and distributions, such as Ubuntu 20.04, Debian 10, and Fedora 33. 

One way to mitigate the risks associated with this vulnerability is to update Sudo on your Linux servers to version 1.9.5p2. Besides, if the Sudo and Sudoedit binaries are not in use, we suggest that they be excluded from the servers. Finally, it is recommended to use senhasegura.go for Linux to control the elevation of privileges on devices.

By using senhasegura.go on devices, one can temporarily elevate user privileges for executing commands and applications, allowing control of the administrative privileges of the credentials managed by the solution. Through a local agent installed on workstations, senhasegura.go allows you to start applications and execute commands by injecting credentials automatically. Other features offered by senhasegura.go include:

  • It is possible to use lists of authorized, blocked, and notified actions for execution;
  • In addition to working on Sudo, senhasegura.go also offers an additional layer of 

security over tools such as ACS, PAM, and SELinux, without the need to update the kernel, acting as LSM (Linux Security Machines);

  • Logging of all actions performed through privileged credentials, bringing maximum visibility to actions performed by users, reducing the effort of auditing privileged activities;
  • Complete integration with the senhasegura PAM platform.

To learn more about how the senhasegura.go solution for Linux can help your organization mitigate the risks associated with elevating privileges on servers, request a demo today.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...