Here is What You Need to Know About the Sudo Vulnerability (CVE-2021-3156)

January 27, 2021 Nick Campbell

sudo vulnerability

Recently, Qualys identified a vulnerability in the Linux sudo command, which allows a local user or an attacker to gain unauthorized root privileges on a system. Because the sudo command is one of the oldest and most widely used commands on a Linux system, the inherent dangers significantly elevate this security issue’s importance. The majority of the web runs on Linux, so this vulnerability will affect most of the web.

Since becoming aware of this vulnerability, Liquid Web has been working diligently to plan and implement our customers’ best resolution. Our security and engineering teams have been working with our vendors and have already begun deploying the required patches for this vulnerability.

What is Sudo?

The sudo command allows a user to assume another user’s role and rights and run commands or programs as that user or a superuser (e.g. root) as denoted in the sudo security policy. This weak point lets a user run elevated commands even if the user is not listed in the /etc/sudoers file. The sudoers file is a configuration file that controls the users who are allowed access to the su or sudo commands. The sudo security policy determines the level of privileges a user has to run commands using sudo. The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. The newest version of sudo (Sudo v1.9.5p2) has addressed and mitigated the flaw. The bug was originally introduced in July 2011 (commit 8255ed69) and has existed until now.

Further status updates are available at Liquid Web’s Status Page.

Updates will be added to this post when they become available.

As always, if you have any questions regarding your account, please don’t hesitate to contact our support team, via chat or give us a call at 1.800.580.4985. We are happy to help!

The post Here is What You Need to Know About the Sudo Vulnerability (CVE-2021-3156) appeared first on Liquid Web.

About the Author

Nick Campbell

Nick is the Senior Director of Security & Architecture at Liquid Web. He has over 16 years of experience in Technology and brings a wealth of knowledge and a strong understanding of data security to help safeguard our customers' environments.

More Content by Nick Campbell
Previous Article
Six Steps to Redesign Your Website
Six Steps to Redesign Your Website

Get to know the six essential best practices for website redesign in 2021 to ensure your online business is...

Next Article
How to Start Reselling Hosting with WHMCS and InterWorx
How to Start Reselling Hosting with WHMCS and InterWorx

Interested in how to start your own reseller hosting business? Learn how WHMCS and InterWorx are the perfec...

Learn How to Build Your Business as a Reseller and Earn More

Sign Up