
Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0056
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2021-0056)
Summary: The remote host is missing an update for the 'sudo' package(s) announced via the MGASA-2021-0056 advisory.
Description:

Vulnerability Insight:
A serious heap-based buffer overflow has been discovered in sudo that is
exploitable by any local user. It has been given the name Baron Samedit
by its discoverer. The bug can be leveraged to elevate privileges to
root, even if the user is not listed in the sudoers file. User
authentication is not required to exploit the bug (CVE-2021-3156).

Affected Software/OS:
'sudo' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-3156
CERT/CC vulnerability note: VU#794544
https://www.kb.cert.org/vuls/id/794544
Cisco Security Advisory: 20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
https://support.apple.com/kb/HT212177
https://www.sudo.ws/stable.html#1.9.5p2
https://www.synology.com/security/advisory/Synology_SA_21_02
Debian Security Information: DSA-4839
https://www.debian.org/security/2021/dsa-4839
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
http://seclists.org/fulldisclosure/2021/Jan/79
http://seclists.org/fulldisclosure/2021/Feb/42
http://seclists.org/fulldisclosure/2024/Feb/3
https://security.gentoo.org/glsa/202101-33
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
http://www.openwall.com/lists/oss-security/2021/01/26/3
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://www.openwall.com/lists/oss-security/2021/02/15/1
http://www.openwall.com/lists/oss-security/2021/09/14/2
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://www.openwall.com/lists/oss-security/2024/01/30/8
Copyright: Copyright (C) 2022 Greenbone AG
