CVE-2021-3156
26.01.2021, 21:15
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sudo_project | sudo | 1.8.2 ≤ 𝑥 < 1.8.32 |
| sudo_project | sudo | 1.9.0 ≤ 𝑥 < 1.9.5 |
| sudo_project | sudo | 1.9.5 |
| sudo_project | sudo | 1.9.5:patch1 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| netapp | cloud_backup | - |
| netapp | hci_management_node | - |
| netapp | oncommand_unified_manager_core_package | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire | - |
| mcafee | web_gateway | 8.2.17 |
| mcafee | web_gateway | 9.2.8 |
| mcafee | web_gateway | 10.0.4 |
| synology | diskstation_manager_unified_controller | 3.0 |
| synology | diskstation_manager | 6.2 |
| synology | skynas_firmware | - |
| synology | vs960hd_firmware | - |
| beyondtrust | privilege_management_for_mac | 𝑥 < 21.1.1 |
| beyondtrust | privilege_management_for_unix\/linux | 𝑥 < 10.3.2-10 |
| oracle | micros_es400_firmware | 400 ≤ 𝑥 ≤ 410 |
| oracle | micros_workstation_6_firmware | 610 ≤ 𝑥 ≤ 655 |
| oracle | communications_performance_intelligence_center | 10.3.0.0.0 ≤ 𝑥 ≤ 10.3.0.2.1 |
| oracle | communications_performance_intelligence_center | 10.4.0.1.0 ≤ 𝑥 ≤ 10.4.0.3.1 |
| oracle | tekelec_platform_distribution | 7.4.0 ≤ 𝑥 ≤ 7.7.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References