
Alerts

SonicWall Zero-day Security Restriction Bypass Vulnerability – CVE-2021-20016

Advisory No: TZCERT/SA/2021/02/04

Date of First Release: 04th February 2021

Source: SonicWall

Software Affected: 

SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)

Overview:

This vulnerability is caused by improper neutralization of SQL commands in SonicWall SSL VPN SMA 100 products, which could allow an unauthenticated, remote attacker to exploit it for credential access.

Description:

In SonicWall SSL VPN SMA 100 products, the SQL injection bug could allow an unauthenticated attacker to perform SQL queries to access username, password, and other session-related information. The flaw affects both physical and virtual SMA 100 version 10.x devices.

Impact:

Successful exploitation of the vulnerability could allow an unprivileged user to gain access to the system.

Solution:

SonicWall has issued both a workaround and a security update to address the affected firmware. Users and administrators are advised to upgrade firmware to the latest stable version.

     Workaround

  1. Enable multifactor authentication (MFA) as a safety measure.
  2. Enable Web Application Firewall (WAF) on SMA100.
  3. Reset the passwords for any users who may have logged into the device via the web interface.

References:

  1. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
  2. https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/

Chrome Security Updates

Google has released security updates to address multiple vulnerabilities in Chrome. The exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the Chrome release page and apply necessary updates.

SonicWall Security Updates

SonicWall has released security updates to address a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. The exploitation of this vulnerability could allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the SonicWall Advisory and apply necessary updates.

Cisco Security Updates

Cisco has released security updates to address vulnerabilities in VPN Routers. The exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the Cisco Security Advisory and apply necessary updates.

Linux Sudo Package Elevation of Privilege Vulnerability – CVE-2021-3156

Advisory No: TZCERT/SA/2021/02/03

Date of First Release: 03rd February 2021

Source: Sudo

Software Affected: 

Sudo versions 1.8.2 through 1.8.31p2 & 1.9.0 through 1.9.5p1

Overview:

A heap overflow vulnerability exists in sudo, a utility available in Unix operating systems. Successful exploitation of this vulnerability may allow an unprivileged user to gain root privileges, even though the user is not listed in the sudoers file.

Description:

The vulnerability is in the code that removes escape characters: it reads beyond the last character of a string if the string ends with an unescaped backslash character. When sudo runs a command in shell mode, with the -s or -i option, it escapes special characters in the command’s arguments with a backslash.

The attacker can use this bug to control the “user_args” size and cause a buffer overflow.

Impact:

Successful exploitation of the vulnerability could allow an unprivileged user to gain root privileges to the host system.

Solution:

There is no workaround for this vulnerability; however, users are advised to patch sudo to the latest stable version.

  • To test whether your version of sudo is vulnerable, type the following command:

      sudoedit -s /

A vulnerable version of sudo will either prompt for a password or display an error similar to:

      sudoedit: /: not a regular file

A patched version of sudo will display a statement like the following:

usage: sudoedit [-AknS] [-a type] [-C num] [-c class] [-D directory] [-g group]
                [-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
                file …
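
A version check to run alongside the sudoedit test above, as an added example that is not part of the original advisory: it compares a sudo version string with the affected ranges listed under Software Affected. The function names are this example's own and the sample versions are constructed; distribution packages can carry a backported fix without changing the upstream version number, so an "affected" result still needs the sudoedit test to confirm.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a sudo version string with the
# affected ranges listed above: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

# parse_sudo_version: read `sudo -V` output on stdin, print the version token.
parse_sudo_version() {
    sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# ver_key VERSION: print a sortable integer for X.Y.Z or X.Y.ZpN; fail otherwise
# (betas, release candidates and distro suffixes are deliberately rejected).
ver_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            printf "%.0f\n", $1 * 1000000000 + $2 * 1000000 + $3 * 1000 + $4
            ok = 1
        }
        END { exit !ok }'
}

# sudo_affected VERSION: 0 = inside an affected range, 1 = outside, 2 = unrecognised.
sudo_affected() {
    k=$(ver_key "$1") || return 2
    if [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; then return 0; fi
    if [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; then return 0; fi
    return 1
}

# report VERSION: print a one-line verdict; never exits the calling shell.
report() {
    rc=0; sudo_affected "$1" || rc=$?
    case $rc in
        0) echo "sudo $1: inside affected range; patch, or confirm a vendor backport with the sudoedit test" ;;
        1) echo "sudo $1: outside the affected ranges" ;;
        *) echo "sudo '$1': version format not recognised; check manually" ;;
    esac
}

# Constructed sample versions, then the locally installed sudo if there is one.
for v in 1.8.1 1.8.31p2 1.9.5p1 1.9.5p2 1.9.0b1; do report "$v"; done
if command -v sudo >/dev/null 2>&1; then
    report "$(sudo -V 2>/dev/null | parse_sudo_version)"
fi
```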

References:

  1. https://www.sudo.ws/alerts/unescape_overflow.html 
  2. https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit