Inquiries about NSX-V affected with CVE-2021-3156
Article ID: 317211
Updated On:
Products
VMware NSX Data Center for vSphere
Issue/Introduction
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
Symptoms:
Based on the CVE, Sudo before 1.9.5p2 are vulnerable to CVE-2021-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
Symptoms:
Based on the CVE, Sudo before 1.9.5p2 are vulnerable to CVE-2021-3156
Environment
VMware NSX for vSphere 6.3.x
VMware NSX Data Center for vSphere 6.4.x
VMware NSX Data Center for vSphere 6.4.x
Resolution
It is fixed on 6.4.11
Additional Information
Impact/Risks:
This vulnerability allows any unprivileged local user to gain root privileges on a vulnerable host (without authentication).
This vulnerability allows any unprivileged local user to gain root privileges on a vulnerable host (without authentication).
Feedback
Yes
No
Powered by
