"Recent Sudo Vulnerability Affects Apple, Cisco Products"
Researchers at the cybersecurity firm Qualys discovered a bug in the Sudo utility that affects Apple's macOS Big Sur operating system and multiple Cisco products. Administrators can use the Sudo utility to delegate root-level admin authority to specific users or groups of users while logging all of their commands and activities. The Sudo utility allows administrators to enable or restrict a user's execution of commands on a host system, as well as centrally manage user privileges per host. The security flaw found in the utility, tracked as CVE-2021-3156 and dubbed Baron Samedit by Qualys researchers, is a heap-based buffer overflow. Unprivileged users can exploit the Sudo vulnerability to gain root privileges on the vulnerable host. The researchers only demonstrated the exploitation of the flaw on several Linux distributions, like Debian, Fedora, and Ubuntu. However, the researchers warn that most Unix- and Linux-based systems could be affected by the vulnerability. This article continues to discuss the recently discovered Sudo vulnerability regarding its potential exploitation and impact, in addition to the responses to this security flaw.
Security Week reports "Recent Sudo Vulnerability Affects Apple, Cisco Products"