Last Updated on 2021-02-09 by Clay
Introduction
Today I saw the news that sudo, a tool commonly used on Unix-like operating systems, has a heap overflow bug (CVE-2021-3156).
At present, it has been confirmed that full root permissions can be obtained on the following versions:
- Ubuntu 20.04 (sudo 1.8.31)
- Debian 10 (sudo 1.8.27)
- Fedora 33 (sudo 1.9.2)
According to the news, as well as several discussion forums I have skimmed, almost all of them suggest that everyone upgrade the package quickly. This bug was found in 2021/01 and reported to the sudo development team.
A week later, the fixed version was already online.
So here I record how to upgrade our sudo package.
How to upgrade sudo package
First, we can use the following command to check the sudo version:
sudo -V
If your version is lower than 1.9.5, upgrade as soon as possible. If you are a server administrator, you probably don't want everyone to be able to get root permission.
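As an added example (not part of the original post), the following POSIX shell script turns that manual check into something you can run across a fleet: it parses the first line of sudo -V (e.g. "Sudo version 1.9.5p2"), compares it field by field against the fixed release, and reports whether an upgrade is needed. It assumes 1.9.5p2 is the fixed version, as installed later in this post.

```shell
#!/bin/sh
# Added example: report whether the installed sudo predates the CVE-2021-3156 fix.
# Assumption: the fixed release is 1.9.5p2 (the version built in this post).
FIXED_VERSION="1.9.5p2"

# Split "1.8.31" or "1.9.5p2" into four numeric fields: major minor patch plevel
# (plevel is 0 when the version has no "pN" suffix).
version_fields() {
    base="${1%%p*}"
    plevel="${1#"$base"}"
    plevel="${plevel#p}"
    [ -z "$plevel" ] && plevel=0
    old_ifs="$IFS"; IFS=.
    set -- $base
    IFS="$old_ifs"
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "$plevel"
}

# Return 0 (true) when version $1 is older than version $2.
version_lt() {
    a="$(version_fields "$1")"
    b="$(version_fields "$2")"
    set -- $a $b          # $1..$4 = left fields, $5..$8 = right fields
    [ "$1" -lt "$5" ] && return 0
    [ "$1" -gt "$5" ] && return 1
    [ "$2" -lt "$6" ] && return 0
    [ "$2" -gt "$6" ] && return 1
    [ "$3" -lt "$7" ] && return 0
    [ "$3" -gt "$7" ] && return 1
    [ "$4" -lt "$8" ]
}

# Take the first line of `sudo -V` ("Sudo version 1.9.5p2") and decide.
sudo_needs_upgrade() {
    installed="${1#Sudo version }"
    version_lt "$installed" "$FIXED_VERSION"
}

# Check the live system when sudo is present.
if command -v sudo >/dev/null 2>&1; then
    if sudo_needs_upgrade "$(sudo -V 2>/dev/null | head -n 1)"; then
        echo "sudo is older than $FIXED_VERSION: upgrade for CVE-2021-3156"
    else
        echo "sudo is $FIXED_VERSION or newer"
    fi
fi
```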
Step 1: Download sudo installation file
Go to https://www.sudo.ws/dist/ and download sudo.tar.gz,
or use the following command:
wget https://www.sudo.ws/dist/sudo.tar.gz
Step 2: Decompression
tar -zxvf sudo.tar.gz
cd sudo-1.9.5p2/
The version may be different from mine.
Step 3: Switch to root and start to "make"
sudo su
./configure --prefix=/usr --libexecdir=/usr/lib --with-secure-path --with-all-insults --with-env-editor --docdir=/usr/share/doc/sudo-1.9.5p2 --with-passprompt="[sudo] password for %p: "
make
make install && ln -sfv libsudo_util.so.0.0.0 /usr/lib/sudo/libsudo_util.so.0
Step 4: Confirm the version has been upgraded
sudo -V
Output:
Sudo version 1.9.5p2
Sudoers policy plugin version 1.9.5p2
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.5p2
Sudoers audit plugin version 1.9.5p2
And then we're done.
References
- https://www.sudo.ws/dist/
- https://askubuntu.com/questions/1311411/upgrade-sudo-to-1-9-5p2-version-due-to-cve-2021-3156-vulnerability
- https://blog.csdn.net/hzf16321/article/details/113351402