CISA KEV 정보
| 취약점명 | Sudo Heap-Based Buffer Overflow Vulnerability |
|---|---|
| 설명 | Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-122 | CWE-193 |
| 등록일 (KEV) | 2022-04-06 |
| 조치 기한 | 2022-04-27 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2021-3156 |
NVD 상세 정보
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C설명: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CWE: CWE-193 | CWE-193
참조
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html [Exploit, Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2021/Feb/42 [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2021/Jan/79 [Exploit, Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2024/Feb/3 [Exploit, Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2021/01/26/3 [Exploit, Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2021/01/27/1 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2021/01/27/2 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2021/02/15/1 [Exploit, Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2021/09/14/2 [Mailing List, Patch, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2024/01/30/6 [Exploit, Mailing List]
- http://www.openwall.com/lists/oss-security/2024/01/30/8 [Mailing List]
- ... 외 53건
This product uses the NVD API but is not endorsed or certified by the NVD.