Security Advisory - sudo

First published on Feb. 1, 2021.
Last edited on Feb. 1, 2021.

A vulnerability impacting most Linux systems has been identified in sudo, a Linux system utility that grants users root access. Below is a link to an article describing the vulnerability:

https://www.sudo.ws/alerts/unescape_overflow.html

This vulnerability can only be exploited by a malicious user who logs in to the Enterprise File Fabric™ server virtual machine using ssh or some other similar method of login.

Note that only Linux System Administrators would normally have authority for SSH access to the File Fabric and that File Fabric users working through the File Fabric’s web interface or desktop or mobile tools cannot exploit this vulnerability.

To test whether your version of sudo is vulnerable, the following command can be used:

sudoedit -s '\' `perl -e 'print "A" x 65536'`

If output of this command is a usage or error message, then sudo is not vulnerable. If the output is Segmentation fault, that means sudo is vulnerable.

Resolution

This update will not require downtime or reboot. Users using the system will not be affected.

To apply the update, ssh into the File Fabric host and su to root. Then execute both of these commands:

yum clean all
yum update sudo

You should get 1.8.23-10.el7_9.1, you might currently have 1.8.23-10.el7

This update will be included in the next released build of the File Fabric Appliance.

Note: For a HA setup these commands will have to be run on each node.