Security researchers identified a new Sudo vulnerability affecting Linux systems a few days ago and dubbed it ‘Baron Samedit’. Another researcher found that the same Sudo version also ships with the latest version of macOS, which means the vulnerability now extends to another OS.
Sudo is a powerful tool that lets a regular user run other apps or commands with the superuser’s privileges. Using such an instrument comes with great responsibility. Sudo is necessary on Linux systems and is used often, which means that any vulnerability within the software can bring significant issues.
“When Sudo runs a command in shell mode, either via the -s or -i command-line option, it escapes special characters in the command’s arguments with a backslash,” said the Sudo developers. “The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.”
Sudo is by no means perfect software, and researchers have found other vulnerabilities in the past, which developers quickly fixed. The Linux platform has a distinct advantage in this area, as fixes tend to spread more easily across the ecosystem. Unfortunately, the problem has been around for years, as it affected versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.
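For triage, the affected ranges above can be checked mechanically. The following is an added example, not code from the article or the Sudo project: POSIX shell that classifies a Sudo version string against those two ranges. The function names are hypothetical, the sample banners are constructed, and it assumes the first line of `sudo -V` output reads `Sudo version X`.

```shell
#!/bin/sh
# Added example: compare a sudo version against the ranges quoted in the article.
# Function names are hypothetical; sample banners below are constructed.

# ver_key VERSION: print one sortable integer for N.N[.N][pN]; fail otherwise.
ver_key() {
    case $1 in
        ''|*[!0-9.p]*|*p*p*|p*|*p|.*|*.|*..*|*.p*|*p*.*) return 1 ;;
    esac
    case $1 in
        *p*) pl=${1##*p}; base=${1%%p*} ;;   # 1.8.31p2 -> base 1.8.31, patch level 2
        *)   pl=0; base=$1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    { [ $# -eq 2 ] || [ $# -eq 3 ]; } || return 1
    echo $(( (($1 * 1000 + $2) * 1000 + ${3:-0}) * 1000 + $pl ))
}

# classify_sudo VERSION: print affected, outside-range or unparsed.
classify_sudo() {
    k=$(ver_key "$1") || { echo unparsed; return 0; }
    if { [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; }; then
        echo affected
    else
        echo outside-range
    fi
}

# version_from_banner: read `sudo -V` output on stdin, print the version token.
version_from_banner() {
    sed -n '1s/^Sudo version \([0-9][^ ]*\).*/\1/p'
}

# Constructed sample banners, not captured from real hosts.
for banner in "Sudo version 1.8.31" "Sudo version 1.9.5p1" \
              "Sudo version 1.9.5p2" "Sudo version 1.9.6b1"; do
    v=$(printf '%s\n' "$banner" | version_from_banner)
    printf '%-22s %s\n' "$banner" "$(classify_sudo "$v")"
done
```

On a live host, `classify_sudo "$(sudo -V | version_from_banner)"` gives the same verdict. A result of `affected` is a prompt to check the vendor advisory, since distribution packages often backport fixes without changing the upstream version string.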
Now, security researcher Matthew Hickey has discovered that attackers could use the same vulnerability on macOS systems. This was only possible because macOS Big Sur uses an older version of Sudo and hasn’t been patched yet.
“CVE-2021-3156 also impacts MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking Sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0,” said the researcher on Twitter.