Linux Bug CVE-2021-3156

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

This one is neat not only because of how simple it is to run, but it has a snappy name too. This is just a failure to tokenize arguments, but man is it a painful one.
Now back the coding truck up, only Windows is supposed to have long term "hidden in plain sight" vulnerabilities! *nix is supposed to be without blemish or errors, same as MacOS.
All of them have vulnerabilities. Open source operating systems appear to discover about two vulnerabilities or so per month.
FreeBSD: https://www.freebsd.org/security/advisories/
Debian: https://lists.debian.org/debian-security-announce/2021/threads.html

OpenBSD ("widely regarded as the most secure operating system available anywhere, under any licensing terms") would probably have fewer discoveries of this kind:
https://www.openbsd.org/errata68.html
That's incredible that it's possible with the default configuration of such a popular program.
That explains the recent sudo update (at least I hope that's what it was for).

only Windows is supposed to have long term "hidden in plain sight" vulnerabilities

Don't forget Heartbleed (OpenSSL) and Shellshock (bash).