[ale] CVE-2021-3156 - patch your systems, when the patches get released

Jim Kinney jim.kinney at gmail.com
Tue Jan 26 20:10:31 EST 2021


A good reason to only give sudo to specific commands and deny it to all editor tools.


Yeah. More updates.

On January 26, 2021 4:40:56 PM EST, "Beddingfield, Allen via Ale" <ale at ale.org> wrote:
>This one is pretty nasty.  Essentially, any unprivileged user can
>exploit it.  For those of us who manage large web environments, that is
>particularly concerning, since PHP shells seem to be a favorite trick
>of the script kiddies.
>
>https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
>
>Allen B.
>--
>Allen Beddingfield
>Systems Engineer
>Office of Information Technology
>The University of Alabama
>Office 205-348-2251
>allen at ua.edu

-- 
Computers amplify human error
Super computers are really cool