fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Linux SUDO Flaw Lets Local Users Gain Root Privileges

New Linux SUDO Flaw Lets Local Users Gain Root Privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.

Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.

It works on the Principle of Least Privilege where the program gives people just enough permissions to get their work done without compromising the system’s overall security.

When executing commands on a Unix-like OS, unprivileged users can use the sudo (superuser do) command to execute commands as root if they have permission or know the root user’s password – root is the system’s superuser, a special system administration account.

Sudo can also be configured to permit normal users to run commands as any other user by including special directives to the sudoers configuration file.

Also Read: 10 Tips For Drafting Key Terms In A Service Agreement

Root privileges for any local user

The Sudo privilege escalation vulnerability tracked as CVE-2021-3156 (aka Baron Samedit) was discovered by security researchers from Qualys, who disclosed it on January 13th and made sure that patches are available before going public with their findings.

According to Qualys researchers, the issue is a heap-based buffer overflow exploitable by any local user (normal users and system users, listed in the sudoers file or not), with attackers not being required to know the user’s password to successfully exploit the flaw.

The buffer overflow allowing any local user to obtain root privileges is triggered by Sudo incorrectly unescaping backslashes in the arguments.

“Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i),” the 1.9.5p2 changelog reads.

“However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible.”

Qualys created three CVE-2021-3156 exploits to showcase how this vulnerability can be successfully abused by potential attackers.

Using these exploits, the researchers were able to obtain full root privileges on multiple Linux distributions, including Debian 10 (Sudo 1.8.27), Ubuntu 20.04 (Sudo 1.8.31), and Fedora 33 (Sudo 1.9.2).

Other operating systems and distributions supported by Sudo are probably also exploitable using CVE-2021-3156 exploits according to Qualys.

Further technical details on how CVE-2021-3156 can be exploited are available in Qualys’ CVE-2021-3156 security advisory published on Tuesday.

A video demo of how the critical CVE-2021-3156 vulnerability can be exploited is embedded below.

Baron Samedit flaw fixed before disclosure

The vulnerability was introduced in the Sudo program almost 9 years ago, in July 2011, with commit 8255ed69, and it affects default configurations of all stable versions from 1.9.0 to 1.9.5p1 and all legacy versions from 1.8.2 to 1.8.31p2.

The Sudo contributors have fixed the vulnerability in the sudo 1.9.5p2 version released earlier today, at the same time Qualys publicly disclosed their findings.

To test if your system is vulnerable, you have to login as a non-root user and run the “sudoedit -s /” command. Vulnerable systems will throw an error starting with “sudoedit:” while patched ones will display an error starting with “usage:” .

System admins who use Sudo to delegate root privileges to their users should immediately upgrade to sudo 1.9.5p2 or later as soon as possible.

In 2019, another Sudo vulnerability — tracked as CVE-2019-14287 — allowed unprivileged users to execute commands as root.

Also Read: How To Make A PDPC Complaint: With Its Importance And Impact

Luckily, that flaw could only be exploited in non-standard configurations, which meant that most systems running vulnerable Sudo versions were unaffected.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us