sudo Local Privilege Escalation Vulnerability (CVE-2021-3156)

Published: 2021-01-27

0x00 Vulnerability Overview

CVE ID: CVE-2021-3156

Date: 2021-01-27

Type: Privilege escalation

Severity: High

Remotely exploitable: No

Affected scope: (see the affected versions under 0x01)

0x01 Vulnerability Details


 

Sudo is a powerful utility that allows ordinary users to run commands with root privileges; most Unix- and Linux-based operating systems ship with sudo.

On January 26, 2021, sudo was disclosed to contain a heap-based buffer overflow vulnerability (CVE-2021-3156, named "Baron Samedit") that can lead to local privilege escalation.

On Unix-like operating systems, a non-root user can use the sudo command to run commands as the root user. Because sudo incorrectly escapes backslashes in command-line arguments, a heap buffer overflow occurs, which allows any local user (whether or not they are listed in the sudoers file) to obtain root privileges without authentication; the attacker does not need to know a user's password.

Security researchers publicly disclosed the vulnerability on January 26 and noted that it had gone unnoticed for nearly ten years.

 

Affected versions

Sudo 1.8.2 - 1.8.31p2

Sudo 1.9.0 - 1.9.5p1

 

To test whether a system is affected by this vulnerability:

1. Log in to the system as a non-root user.

2. Run the command "sudoedit -s /".

3. If an error message beginning with "sudoedit:" appears, the system is affected by this vulnerability; if an error message beginning with "usage:" appears, the vulnerability has already been patched.
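The affected version ranges and the three-step check above, combined into one small check script, as an added example that is not part of the original advisory; the function names and the sample strings it is tested with are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original advisory: classify a host's exposure to
# CVE-2021-3156 from the two signals the advisory gives, the sudo version string
# and the first line "sudoedit -s /" prints for a non-root user. Function names
# and the sample strings are constructed for this example.

# vkey VERSION: turn "1.8.31p2" or "1.9.5" into an integer that sorts like the
# version (major, minor, patch, p-level; a missing p-level counts as 0).
vkey() {
    v=$1 p=0
    case $v in *p*) p=${v##*p}; v=${v%p*} ;; esac
    set -- $(printf '%s' "$v" | tr . ' ')
    echo $(( $1 * 10000000 + $2 * 100000 + ${3:-0} * 1000 + p ))
}

# version_affected VERSION: "yes" if VERSION is inside one of the advisory's
# affected ranges (1.8.2 - 1.8.31p2, 1.9.0 - 1.9.5p1), else "no".
version_affected() {
    k=$(vkey "$1")
    if { [ "$k" -ge "$(vkey 1.8.2)" ] && [ "$k" -le "$(vkey 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(vkey 1.9.0)" ] && [ "$k" -le "$(vkey 1.9.5p1)" ]; }; then
        echo yes
    else
        echo no
    fi
}

# classify_probe_output LINE: apply the advisory's rule to the first line of
# output: "sudoedit:" means affected, "usage:" means the fix is present.
classify_probe_output() {
    case $1 in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# run_probe: run the advisory's test on this host; it must not run as root.
run_probe() {
    if [ "$(id -u)" -eq 0 ]; then echo "run as a non-root user" >&2; return 2; fi
    out=$(sudoedit -s / 2>&1 </dev/null | head -n 1)
    classify_probe_output "$out"
}

# Usage: sh check-sudo.sh --check   (as a non-root user on the host under review)
if [ "${1:-}" = --check ]; then
    ver=$(sudo --version 2>/dev/null | sed -n 's/^Sudo version //p')
    echo "sudo ${ver:-unknown}: version affected=$(version_affected "${ver:-0.0.0}"), probe=$(run_probe)"
fi
```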

 

 

0x02 Remediation Recommendations

It is recommended to upgrade sudo to the latest version promptly.

Download link:

https://www.sudo.ws/dist/

 

Temporary mitigation (Red Hat)

1. Install the required systemtap packages and dependencies:

systemtap yum-utils kernel-devel-"$(uname -r)"

On RHEL 7, install the kernel debuginfo: debuginfo-install -y kernel-"$(uname -r)"

On RHEL 8, install the sudo debuginfo: debuginfo-install sudo

 

2. Create the following systemtap script (save it as sudoedit-block.stap):

# Fires when sudo's main() is entered and reads the full command line
probe process("/usr/bin/sudo").function("main") {
        command = cmdline_args(0,0,"");
        # Any invocation whose command line contains "edit" (i.e. sudoedit)
        # is terminated with signal 9 (SIGKILL); plain sudo is unaffected
        if (strpos(command, "edit") >= 0) {
                raise(9);
        }
}

 

3. Install the script with the following command (as root):

# nohup stap -g sudoedit-block.stap &

This prints the PID of the systemtap process. The script causes the vulnerable sudoedit binary to stop working, while the sudo command continues to work as usual.

Note that the above change does not survive a reboot and must be re-applied after every restart.

4. Once the patch has been installed, the systemtap script can be removed by terminating the systemtap process, for example with the following command, where 7590 is the PID of the systemtap process:

# kill -s SIGTERM 7590

 

 

0x03 References

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

https://access.redhat.com/security/cve/CVE-2021-3156

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

https://www.bleepingcomputer.com/news/security/new-linux-sudo-flaw-lets-local-users-gain-root-privileges/

 

0x04 Timeline

2021-01-26  Qualys disclosed the vulnerability

2021-01-27  Red Hat published a security advisory

2021-01-27  VSRC published a security advisory

 

0x05 Appendix

 

CVSS scoring standard (official site): http://www.first.org/cvss/
