CVE-2021-3156 sudo Vulnerability Allows Root Privileges
I wonder if RSA AM is affected by the sudo vulnerability CVE-2021-3156. If yes, is there a patch on the way?
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password). Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Kindly review the below thread for more information.
- Since RSA appliances cannot be accessed with the root (sudo) user, we mark this as a false positive. RSA appliances have their own operating system user (rsaadmin) and password, created during the initial setup/deployment.
- Also, RSA uses SUSE Linux Enterprise Server 12 SP3 on AM version 8.5; this package is not listed under Affected Packages and Issued.
To resolve that vulnerability, you will need to upgrade to 22.214.171.124, which will be released not before next month.
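The replies above rest on two checks a practitioner would want to reproduce: which sudo version a host runs, and whether that version falls inside the ranges the flaw affects. The script below is an added example, not code from this thread or from RSA. The affected ranges (legacy 1.8.2 through 1.8.31p2, stable 1.9.0 through 1.9.5p1, fixed in 1.9.5p2) are taken from the upstream sudo advisory, not from this page, and it assumes `sudo -V` prints its first line as `Sudo version X.Y.Zpn`. As the SUSE remark above hints, distributions routinely backport the fix without changing the version string, so a result of "affected" should send you to the package changelog rather than straight to a finding.

```shell
#!/bin/sh
# Added example (not from the thread): classify a sudo version string against
# the CVE-2021-3156 affected ranges from the upstream sudo advisory.
# Caveat: distro packages often backport the fix under the old version number,
# so "affected" here means "verify against the vendor package changelog".

# Turn "1.8.31p2" into one sortable integer:
#   major*10^9 + minor*10^6 + patch*10^3 + p-level
sudo_version_key() {
    ver=$1
    p=0
    case $ver in
        *p*) p=${ver##*p}; ver=${ver%p*} ;;   # split off the "pN" suffix
    esac
    # Split the dotted part on '.'; missing components default to 0.
    set -- $(printf '%s' "$ver" | tr '.' ' ')
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    echo $(( major * 1000000000 + minor * 1000000 + patch * 1000 + p ))
}

# Echo "affected" if the version lies in a vulnerable range, otherwise
# "not affected by version" (the version string alone cannot prove a backport).
sudo_version_affected() {
    key=$(sudo_version_key "$1")
    if [ "$key" -ge "$(sudo_version_key 1.8.2)" ] && \
       [ "$key" -le "$(sudo_version_key 1.8.31p2)" ]; then
        echo affected
    elif [ "$key" -ge "$(sudo_version_key 1.9.0)" ] && \
         [ "$key" -le "$(sudo_version_key 1.9.5p1)" ]; then
        echo affected
    else
        echo "not affected by version"
    fi
}

# Read the installed version from the first line of `sudo -V`
# (assumed format: "Sudo version 1.9.5p2") and classify it.
check_local_sudo() {
    v=$(sudo -V 2>/dev/null | sed -n 's/^Sudo version //p' | head -n 1)
    if [ -z "$v" ]; then
        echo "sudo not found on this host"
        return 0
    fi
    echo "sudo $v: $(sudo_version_affected "$v")"
}

check_local_sudo
```

Run it as the unprivileged appliance user; `sudo -V` needs no sudoers entry and never prompts for a password, so it is safe on a host where root is not available, which is the situation the RSA reply describes.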