
A severe vulnerability has been found in Unix and Linux operating systems that can affect Smart ID Digital Access component. This article describes how to handle the vulnerability.

Note

This is only a problem if you have added unprivileged users to the system. The default installation does not have any unprivileged users.

An unprivileged user can exploit the vulnerability through sudo, causing a heap overflow that elevates privileges to root without authentication, or even get listed in the sudoers file.

  1. Run this command to see if you have a vulnerable system:

    sudoedit -s /


    1. If you have a vulnerable system, the response is:

      sudoedit: /: not a regular file


  2. Depending on version, enter these commands to handle the vulnerability:
    1. For Digital Access 6.0.0 to 6.0.2

      sudo apt update
      sudo apt install sudo=1.8.31-1ubuntu1.2


    2. For Digital Access 5.13.1 to 5.13.5

      sudo apt update
      sudo apt install sudo=1.8.21p2-3ubuntu1.4


  3. Run this command again:

    sudoedit -s /


    1. The response should now be:

      usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
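
The procedure above can be scripted when several hosts need checking. The following is an added example, not part of the original article or the product: the function names are hypothetical, and it assumes the output of the check command is captured together with stderr and passed in as text.

```shell
#!/bin/sh
# Added example: decide the next step for a host from the response to
# `sudoedit -s /`, using only the responses and package versions on this page.

# classify_response TEXT -> prints vulnerable | patched | unknown
classify_response() {
    case "$1" in
        *"sudoedit: /: not a regular file"*) echo vulnerable ;;
        *"usage: sudoedit "*)                echo patched ;;
        *)                                   echo unknown ;;
    esac
}

# fixed_sudo_package DA_VERSION -> prints the apt package spec for that
# Digital Access release; returns 1 if the release is not listed in the article.
fixed_sudo_package() {
    case "$1" in
        6.0.[0-2])  echo "sudo=1.8.31-1ubuntu1.2" ;;
        5.13.[1-5]) echo "sudo=1.8.21p2-3ubuntu1.4" ;;
        *)          return 1 ;;
    esac
}

# remediation_plan DA_VERSION RESPONSE -> prints the commands to run, or why
# none are needed. Exit status: 0 ok, 2 no fix listed, 3 response not recognised.
remediation_plan() {
    state=$(classify_response "$2")
    case "$state" in
        patched)
            echo "no action: sudoedit printed its usage text" ;;
        vulnerable)
            pkg=$(fixed_sudo_package "$1") || {
                echo "vulnerable: no fixed package listed for Digital Access $1"
                return 2
            }
            printf 'sudo apt update\nsudo apt install %s\n' "$pkg" ;;
        *)
            echo "unrecognised response: check this host manually"
            return 3 ;;
    esac
}

# Typical call on the appliance (assumed invocation, run as the unprivileged user):
#   remediation_plan 6.0.1 "$(sudoedit -s / 2>&1)"
```

Run `remediation_plan` again after installing the package; a fixed host reports that no action is needed.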