Overview
One possible security vulnerability reported in security scans is "Sudo Heap-based Buffer Overflow Vulnerability (Baron Samedit) (Generic)".
sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.
Sudo contains a heap-based buffer overflow (CVE-2021-3156), nicknamed Baron Samedit, and public exploits have been demonstrated that obtain full root privileges on Ubuntu and other Linux distributions. The bug is reachable through sudoedit (sudo -s / sudo -i) and can be used by any local user to elevate to root, even a user who is not listed in the sudoers file. It was fixed upstream in sudo 1.9.5p2.
Affected Versions:
- All legacy versions from 1.8.2 to 1.8.31p2
- All stable versions from 1.9.0 to 1.9.5p1
Solution
Lithium GA runs on RHEL, not Ubuntu.
RHEL ships its own sudo packages, built from an older upstream base with security fixes backported, rather than the release from sudo.org. The package version string (1.8.23) therefore stays inside the affected range even after the fix is applied, which is why a generic, version-based scanner check reports the finding. As per https://access.redhat.com/solutions/5777141, the fixed package for RHEL 7.7 is sudo-1.8.23-4.el7_7.3.x86_64. The latest Lithium GA uses RHEL 7.9 with sudo-1.8.23-10, which carries the backported fix. Please upgrade to the latest Lithium GA.
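The check below is an added example and is not part of the original article or the Lithium product. It shows why a version-only test is misleading on RHEL and what to verify instead: the upstream affected ranges applied to the string from sudo -V, the rpm changelog (which records the backported CVE fix), and the harmless sudoedit probe published by Qualys, which on a patched build prints the usage text and on a vulnerable build crashes with heap corruption. It assumes it is run as an unprivileged user on the RHEL host with rpm and sudoedit present; the helper names are invented for this example.

```shell
#!/bin/sh
# Added example (not from the original article): three ways of judging CVE-2021-3156
# exposure on a RHEL host. Only the changelog and sudoedit checks account for backports.

# Convert "1.8.31p2" into a sortable integer: major*10^9 + minor*10^6 + patch*10^3 + p-level.
version_key() {
    set -- $(printf '%s' "$1" | tr '.p' '  ')
    echo $(( ${1:-0} * 1000000000 + ${2:-0} * 1000000 + ${3:-0} * 1000 + ${4:-0} ))
}

# Upstream affected ranges from the advisory: 1.8.2..1.8.31p2 and 1.9.0..1.9.5p1.
# Prints "affected" or "not-affected". Ignores vendor backports, so a RHEL
# sudo 1.8.23 with the fix still shows as "affected" here.
upstream_version_affected() {
    v=$(version_key "$1")
    if [ "$v" -ge "$(version_key 1.8.2)" ] && [ "$v" -le "$(version_key 1.8.31p2)" ]; then
        echo affected
    elif [ "$v" -ge "$(version_key 1.9.0)" ] && [ "$v" -le "$(version_key 1.9.5p1)" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Extract "1.8.23" from the "Sudo version 1.8.23" line of sudo -V (empty if sudo is absent).
sudo_version() {
    sudo -V 2>/dev/null | sed -n 's/^Sudo version //p' | head -n 1
}

# Reads an rpm changelog on stdin; succeeds if the CVE-2021-3156 fix entry is present.
# Usage: rpm -q --changelog sudo | changelog_has_fix
changelog_has_fix() {
    grep -q 'CVE-2021-3156'
}

# Qualys' harmless trigger: "sudoedit -s '\' AAAA...". A patched sudoedit rejects -s and
# prints usage (exit 1); a vulnerable one corrupts the heap and dies with a signal (exit >= 128).
probe_sudoedit() {
    command -v sudoedit >/dev/null 2>&1 || { echo unknown; return; }
    if sudoedit -s '\' "$(head -c 65536 /dev/zero | tr '\0' A)" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    if [ "$status" -ge 128 ]; then echo vulnerable; else echo patched; fi
}

main() {
    ver=$(sudo_version)
    echo "sudo reports version: ${ver:-unknown}"
    echo "upstream range check:  $(upstream_version_affected "${ver:-0.0.0}") (version string only, ignores backports)"
    if command -v rpm >/dev/null 2>&1; then
        if rpm -q --changelog sudo 2>/dev/null | changelog_has_fix; then
            echo "rpm changelog:         CVE-2021-3156 fix entry present (backported)"
        else
            echo "rpm changelog:         no CVE-2021-3156 entry"
        fi
    fi
    echo "sudoedit probe:        $(probe_sudoedit)"
}

# Run the live checks only when explicitly asked: sh check-sudo.sh --check
case "${1:-}" in --check) main ;; esac
```

On an up-to-date Lithium GA host the expected picture is "affected" from the version string alone, a CVE-2021-3156 entry in the rpm changelog, and "patched" from the sudoedit probe; only the first of those is what a generic scanner sees. If the probe reports "vulnerable", the package is genuinely unpatched regardless of what the changelog says.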