CVE-2021-3156
Devops Security

How to patch Sudo

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) made itself known over the past few days and admins everywhere are rushing to patch it. Ill skip the analysis, watch the video below for that, and get right to patching.

To verify your version:

sudo --version

1.8.31 is vulnerable.

Go to https://www.sudo.ws/sudo.html and download the latest relase tar.gz. As of right now, the latest is sudo 1.9.5p2

Once downloaded, de-compress with

tar -xzvf <filename>

cd into the created directory “sudo-1.9.5p2” in this case

run:

./configure

then

make && sudo make install

Once this has completed you mush reload your shell in order to see the new version has been installed. you can type

bash

and then

sudo --version

Big thanks to John Hammond for this video on the process.

Leave a Reply

Your email address will not be published. Required fields are marked *