moneyslow.com

Linux Sudo本地提权漏洞修复办法(CVE-2021-3156)

黑客漏洞修复

黑客漏洞修复

漏洞详情的国外地址:
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

腾讯云警告地址:
https://cloud.tencent.com/announce/detail/1501

按照文档说明,需要升级到Sudo 1.9.5p2 或更新版本即可。所以先到官网sudo.ws下载最新包升级即可。

sudo漏洞修复方法

下拉找到rpm包

以下为快速修复方法,以centos操作系统为例,升级rpm包。

Centos6:
rpm -Uvh https://www.moneyslow.com/soft/CVE-2021-3156/sudo-1.9.5-3.el6.x86_64.rpm
Centos7:
rpm -Uvh https://www.moneyslow.com/soft/CVE-2021-3156/sudo-1.9.5-3.el7.x86_64.rpm
Centos8:
rpm -Uvh https://www.moneyslow.com/soft/CVE-2021-3156/sudo-1.9.5-3.el8.x86_64.rpm

例子:Centos7的升级命令:

# rpm -Uvh https://www.moneyslow.com/soft/CVE-2021-3156/sudo-1.9.5-3.el7.x86_64.rpm
Retrieving https://www.moneyslow.com/soft/CVE-2021-3156/sudo-1.9.5-3.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:sudo-1.9.5-3.el7 ################################# [ 50%]
Cleaning up / removing...
2:sudo-1.8.23-9.el7 ################################# [100%]

按照文档,出现以下错误,即修复。

$sudoedit -s /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout]
[-u user] file ...

Exit mobile version