---

CVE-2021-3156 - log back

CVE-2021-3156 edited at 26 Jan 2021 18:54:42

References

https://www.sudo.ws/alerts/unescape_overflow.html https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.openwall.com/lists/oss-security/2021/01/26/3 + https://www.sudo.ws/repos/sudo/rev/9b97f1787804 + https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b https://www.sudo.ws/repos/sudo/rev/049ad90590be + https://www.sudo.ws/repos/sudo/rev/09f98816fc89 + https://www.sudo.ws/repos/sudo/rev/c125fbe68783

CVE-2021-3156 edited at 26 Jan 2021 18:37:17
Severity	- High + Critical
References	https://www.sudo.ws/alerts/unescape_overflow.html + https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.openwall.com/lists/oss-security/2021/01/26/3 https://www.sudo.ws/repos/sudo/rev/049ad90590be

CVE-2021-3156 edited at 26 Jan 2021 18:28:09

Description

- A serious heap-based buffer overflow has been discovered in sudo 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug. + A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.

CVE-2021-3156 edited at 26 Jan 2021 18:26:28
Severity	- Unknown + High
Remote	- Unknown + Local
Type	- Unknown + Privilege escalation
Description	+ A serious heap-based buffer overflow has been discovered in sudo 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.
References	+ https://www.sudo.ws/alerts/unescape_overflow.html + https://www.openwall.com/lists/oss-security/2021/01/26/3 + https://www.sudo.ws/repos/sudo/rev/049ad90590be
Notes

CVE-2021-3156 created at 26 Jan 2021 18:19:09