Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Comment:
Corrected a command
A severe vulnerability has been found in Unix and Linux operating systems, that can affect Smart ID Digital Access component. This article describes how to handle the vulnerability.
Note |
---|
This is only a problem if you have added unprivileged users to the system. The default installation does not have any unprivileged users. |
An unprivileged user can exploit the vulnerability using sudo, which can cause a heap overflow to elevate privileges to root, without authentication, or even get listed in the sudoers file.
Run this command to see if you have a vulnerable system:
Code Block title Check if you have a vulnerable system sudotoolsudoedit -s /
If you have a vulnerable system, the response is
No Format nopanel true sudoedit: /: not a regular file
- Depending on version, enter these commands to handle the vulnerability:
For Digital Access 6.0.0 to 6.0.2
Code Block title For Digital Access 6.0.0 to 6.0.2 sudo apt update sudo apt install sudo=1.8.31-1ubuntu1.2
For Digital Access 5.13.1 - 5.13.5
Code Block title For Digital Access 5.13.1 to 5.13.5 sudo apt update sudo apt install sudo=1.8.21p2-3ubuntu1.4
Run this command again:
Code Block title Check the system again for vulnerability sudotool -s /
The answer shall now be:
Code Block title Answer if system is not vulnerable usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...