I just got this security alert from OmniOS support.
Emergency security update due a very critical bug in sudo
I suggest all to update sudo as soon as possible (update OS if no fix is available)
For OmniOS (151030-151036) a fix is available now (for all user even without a support contract)
To install the update utter the following
# pkg update sudo omnios-userland entire
To test if you are affected:
enter "sudoedit -s /"
if you are affected, the answer should begin with "sudoedit:" (what I have read)
Emergency security update due a very critical bug in sudo
Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) - Help Net Security
A vulnerability (CVE-2021-3156) in sudo could allow any unprivileged local user to gain root privileges on a vulnerable Linux host.
www.helpnetsecurity.com
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the…
blog.qualys.com
I suggest all to update sudo as soon as possible (update OS if no fix is available)
For OmniOS (151030-151036) a fix is available now (for all user even without a support contract)
To install the update utter the following
# pkg update sudo omnios-userland entire
To test if you are affected:
enter "sudoedit -s /"
if you are affected, the answer should begin with "sudoedit:" (what I have read)
Last edited: