[ale] CVE-2021-3156 - patch your systems, when the patches get released
Beddingfield, Allen
allen at ua.edu
Tue Jan 26 16:40:56 EST 2021
This one is pretty nasty. Essentially, any unprivileged user can exploit it. For those of us who manage large web environments, that is particularly concerning, since PHP shells seem to be a favorite trick of the script kiddies.
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu