findaright.blogg.se

CVE-2021-3156











Today, a serious vulnerability in sudo was announced, where any user on the system can get sudo access without having to know a password:

As far as I can tell, the version of sudo shipped with MacOS Big Sur (11.1) is vulnerable:

    ~ sudo -version
    Sudo version 1.8.31
    Sudoers policy plugin version 1.8.31
    Sudoers file grammar version 46
    Sudoers I/O plugin version 1.8.31

You are not going to find detailed information outside the walled garden of Apple.


That version is, per the CVE, vulnerable.

Apple uses its Software Update service (which also drives system software updates that show in the App Store or via the softwareupdate command-line tool) as a mechanism for installing “background and critical” updates that are installed silently in the background with no notifications to the user.

I'm running MacOS Big Sur (11.1) which comes with sudo 1.8.31. I'm not running Ubuntu, Debian or Fedora. My concern is that, as far as I can tell, I can't find a way to update the sudo binary on MacOS to a version that is no longer vulnerable, thus I'm looking for support or documentation on a way to update the sudo binary on MacOS, or some reassurance that an update for MacOS is coming that includes a fixed version of the sudo binary. This is a security vulnerability which has been disclosed, announced and fixed per the link I provided in my post. The issue is then that, with the vulnerable sudo binary, any program on a Mac can get administrative privileges without user consent or prompt. As far as I can tell the version of the sudo binary shipped with MacOS is vulnerable to the linked vulnerability. I believe this has to do with Mac since MacOS (which runs on all Macs) is shipped with - among other things - a sudo binary.

Thanks again for all your help and please keep the good advice and great information coming.

I'm not sure about your remarks.

Sometimes we just need an answer to our question, even if that answer is "I don't know" or "that is not possible". Please try to remember that we can't all stay on the latest or even supported release and sometimes our situation is not of our making or within our ability to immediately resolve.


Not all of us have the authority, budget, time or skills to stay on the supported release and some of us inherit an awful situation with little resources to fix it, at least in the short-term.


Can you please tell me how repeating the phrase above helps the situation? Not trying to be difficult but trying to get you to see that not all admins CAN upgrade to CentOS 8 or even 7.


Now the admins are working hard to patch a serious security vulnerability in 'sudo' and are reaching out for help. Certainly not the ideal situation but sometimes "it is what it is". These older systems run on CentOS 5.6 because that is the latest CentOS supported by these aging commercial apps. The software works and is stable but there is little money for replacements or upgrades. Some software is OpenSource, but some are commercial apps purchased 8-10 years ago. Several servers run their accounting, HR, Payroll, administration and in-house management software. Non-profit org with two junior Linux admin volunteers managing an inherited environment of Linux servers. After the first post however, not helpful.


You should be looking at how to get off CentOS 6 ASAP.

For those that don't realize CentOS 6 is EOL, thank you. However, some of your answers are not helpful. You have also posted some good advice and information and thank you for that.


You are obviously intelligent and very knowledgeable about CentOS.











