The new sudo package is available for download with CVE2021-3156 for both cloudlinux 7 and the cloudlinux 8.
Do you wish to manage your server management, Here are our technical team experts who are willing to serve their services 24/7. Check our server management plan for further information.
Changelog :
cloudLinux 8: sudo-1.8.29-6.eI8_3.1
cloudLinux 7: sudo-1.8.23-10.eI7_9.1
Update commands for cloudLinux 7 and the cloudLinux 8.
yum update sudo*CVE-2021-3156 sudo will allow any user to access the root privileges on the Unix without any authentication. (i.e the attacker can access root privileges without any user password)
The sudo is the most important and powerful computer operating system it was pre-installed on macOS and almost every UNIX-Linux based operating system.
The sudo before 1.9.5p2 had a heap-based buffer-overflow which will allow the root privileges via “sudoedit-s”.
The sudo vulnerability was introduced in July 2011 after affecting the version from 1.8.2 to 1.8.31p2.
A bug in the code that tries to remove the escape characters and if it ends with an unescaped backlash character it will read the last character of a string. usually, the bug will be harmless since the sudo has escaped all backlashes. Due to the different bugs the parsing code of the command line that would run the sudoedit either with-S or the -i option. the sudo will not escape the special characters if the command is not being run. then the code will decide whether to remove the special escape characters without checking the command that’s been run. This inconsistency will make the bug exploitable.
Conclusion:
In short, the new sudo package has been released with the CVE-2021-3156 fix for cloudlinux 7 &cloudlinux 8. You will get assistance from our technical support team 24/7 for further installation and maintenance.
