cve-2021-3156-sudo

Reporting data (inventory) and remediaton for CVE-2021-3156, a heap overflow in sudo that allows privilege escalation.
Repository Report issue

Maintainer

Nick Anderson

Module stats

Total Downloads: 408
Updated: Dec 15, 2021

Installation version

Version
0.0.1
0.0.1
Released on Dec 15, 2021

Tags

Installation

                    
cfbs add cve-2021-3156-sudo
Description
Dependencies
Discussion

CVE-2021-3156 describes a heap overflow vulnerability in sudo discovered by security researchers from Qualys. This vulnerability allows an unprivileged user to gain root privileges without authentication.

This policy tests for the presence of the vulnerability and inventories it's presence. If the vulnerability is present sudo promises to run the most recent version available in warning mode unless default:cve_2021_3156_remediate or northerntech_security_hardening:cve_2021_3156_remediate is defined in which case sudo is automatically upgraded to the latest version available.

Recommendation: Upgrade sudo to a version that is not vulnerable

Inventory

CVE
Defined with value CVE-2021-3156 when the vulnerability is present.

https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-3156-sudo/host-info-invenory.png

Configuration

default:cve_2021_3156_remediate or northerntech_security_hardening:cve_2021_3156_remediate
When defined, if the vulnerability is found the policy tries to upgrade sudo to the latest available version. When not defined, sudo upgrade to latest version is promised as a warning only.

https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-3156-sudo/policy-analyzer-warning-promised.png

Dependencies

This module has no dependencies

Find related thread in GitHub discussions or Start a new discussion