    January 27, 2021

    Update Blumira Sensors: Sudo Privilege Escalation (CVE-2021-3156)

    What Happened?

    On January 26, a new critical vulnerability in the Sudo binary, affecting nearly all Linux hosts, was disclosed. Known as CVE-2021-3156, this vulnerability potentially allows an attacker to leverage the Sudo binary to gain root privileges by passing certain characters on the command line. There have been a number of Sudo-related vulnerabilities over the years; in this case, however, it can only be leveraged in non-standard configurations.

    Who’s Affected?

    All versions of Sudo identified below are currently known to be vulnerable to this local privilege escalation vulnerability.

    • All legacy versions from 1.8.2 to 1.8.31p2
    • All stable versions from 1.9.0 to 1.9.5p1

    Updating Sudo

    If your Blumira Sensor is set up per Blumira guidance, you are likely utilizing the unattended security updates feature of Ubuntu, and Sudo should have been updated last night.

    If you did not enable unattended security updates or are not sure, below you will find commands to determine state and update if need be.

    Patched Sudo Versions – Ubuntu

    Operating System                            Patched Sudo Version
    Ubuntu 18 LTS (Blumira Sensor)              1.8.21p2
    Ubuntu 20 LTS (Alternate Blumira Sensor)    1.8.31-1ubuntu1.2

    See details in Ubuntu’s security notice.

    Validating Sudo Version

    Log in to your Blumira Sensor over SSH, or however you normally access your Sensors, and run the command sudo --version to determine the current state.


    $ sudo --version
    Sudo version 1.8.21p2
    Sudoers policy plugin version 1.8.21p2
    Sudoers file grammar version 46
    Sudoers I/O plugin version 1.8.21p2

    Updating Sudo

    Updating Sudo is a simple process. Feel free to run the update even if you think your machine updated last night with unattended upgrades.

    You can additionally validate your unattended upgrades by reviewing the most recent log entries with tail -n 25 /var/log/unattended-upgrades/unattended-upgrades.log.

    To update the Sudo binary itself, you only need to run sudo apt update && sudo apt install sudo. Below is an example of an already updated Ubuntu 18 LTS Blumira Sensor.


    $ sudo apt update && sudo apt install sudo
    Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease
    Hit:2 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
    Hit:3 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
    Hit:4 http://us.archive.ubuntu.com/ubuntu bionic-security InRelease
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    68 packages can be upgraded. Run 'apt list --upgradable' to see them.
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    sudo is already the newest version (1.8.21p2-3ubuntu1.4).
    sudo set to manually installed.
    The following packages were automatically installed and are no longer required:
    linux-headers-4.15.0-118 linux-headers-4.15.0-118-generic linux-image-4.15.0-118-generic linux-modules-4.15.0-118-generic linux-modules-extra-4.15.0-118-generic
    Use 'sudo apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 68 not upgraded.
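
In the output above, sudo --version prints only 1.8.21p2 while apt reports the package revision 1.8.21p2-3ubuntu1.4, so the script below compares the installed package revision against the patched revisions shown on this page. It is an added example, not Blumira's code; the function names, the 18.04/20.04 release keys and the sample versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: is the installed Ubuntu sudo package at or above the patched
# revision listed on this page? Function names are hypothetical.

# Patched package revisions, taken from this page (table and apt output).
fixed_version_for() {
    case "$1" in
        18.04) echo "1.8.21p2-3ubuntu1.4" ;;
        20.04) echo "1.8.31-1ubuntu1.2" ;;
        *) return 1 ;;
    esac
}

# True when version $1 >= version $2. dpkg gives exact Debian ordering;
# sort -V is a fallback that is adequate for these simple version strings.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# sudo_status <ubuntu release> <installed package version>
# Prints patched, vulnerable, or unknown (release not covered by this page).
sudo_status() {
    fixed=$(fixed_version_for "$1") || { echo "unknown"; return 0; }
    if version_ge "$2" "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the live host only when asked: sh check_sudo.sh --host
if [ "${1:-}" = "--host" ]; then
    sudo_status "$(lsb_release -rs)" "$(dpkg-query -W -f='${Version}' sudo)"
else
    # Constructed sample inputs, not captured from a real sensor.
    sudo_status 18.04 "1.8.21p2-3ubuntu1.3"   # constructed: lower revision
    sudo_status 18.04 "1.8.21p2-3ubuntu1.4"   # revision from the apt output
    sudo_status 20.04 "1.8.31-1ubuntu1.1"     # constructed: lower revision
fi
```

A result of unknown means the release is not one this page lists; check the distribution's security notice for that release.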


    Matthew Warner

    Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...
