Best of 2021 – The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)
As we close out 2021, we at Security Boulevard wanted to highlight the most popular articles of the year. Following is the next in our series of the Best of 2021.
Linux and Unix operating systems require regular patching like any IT system, but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected.
Patches are available
Qualys rightly did not publically disclose the vulnerability until the sudo program author was able to write and release a fixed (patched) version of sudo. The fixed sudo version1.9.5p2 has been made available to download at www.sudo.ws.
Linux vendors have also released patches for the sudo vulnerability, including
The Security Concern
This vulnerability in sudo has been present for nearly 10 years, all sudo versions prior to sudo 1.9.5p2 are to be considered vulnerable. The issue is Linux is embedded everywhere, yet many systems are rarely, and even never updated. From IoT devices to internet-based services, the security of countless devices and web-based services’ are dependant upon a secure Linux account privilege model. While their Linux operating systems remain unpatched to prevent exploitation of the CVE-2021-3156 vulnerability, they sit there insecure and waiting to be hacked.
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/iH5cq2d0Vco/the-linux-flaw-you-cant-afford-to.html