[oi-dev] CVE-2021-3156 seems relevant for OI
Tony Brian Albers
tba at kb.dk
Thu Jan 28 06:09:51 UTC 2021
On a freshly installed and updated OI:
tba at emu:~$ sudoedit -s /
Password:
sudoedit: /: not a regular file <<<< Should be 'usage:'
tba at emu:~$
It's explained here:
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
We might want to get sudo patched really, really quickly.
/tony
--
Tony Albers - Systems Architect - IT Development Royal Danish Library,
Victor Albecks Vej 1, 8000 Aarhus C, Denmark
Tel: +45 2566 2383 - CVR/SE: 2898 8842 - EAN: 5798000792142
More information about the oi-dev
mailing list