Security Advisory: Privilege Management for Unix & Linux (PMUL) Basic and Privilege Management for Mac (PMM) Affected by Sudo Vulnerability
Feb 18, 2021
Author:
Phantom Labs™
BeyondTrust
On January 26, 2021, the Qualys research team disclosed a heap overflow vulnerability (CVE-2021-3156) within sudo that allows any unprivileged user to gain root privileges on Linux without requiring a password. BeyondTrust PBsudo/Privilege Management for Unix & Linux Basic is affected by this CVE. Apple also acknowledged and released updates to macOS for this CVE on Feb 10, 2021. Based on macOS releases, we confirmed that Privilege Management for Mac (PMM) is also impacted by this CVE.
Affected Products
PBsudo/PMUL Basic < 10.3.2-10 (Note: PMUL Advanced is not affected)
PMM < PMM 21.1 SR1
Details
PBsudo, a component within BeyondTrust's Privilege Management for Unix & Linux Basic (PMUL Basic), relies on a particular sudo plugin that contains the vulnerable section of code discovered by Qualys researchers.
Similarly, Endpoint Privilege Management for Mac (PMM) is also affected due to its use of sudo plugin code. In conjunction with Apple’s macOS releases, a service release for PMM 21.1 (PMM 21.1 SR1) has been made available to address this issue.
Impact
We believe there is a low likelihood of BeyondTrust products being targeted for exploitation via the sudo vulnerability. However, in keeping with best security practices, follow the solution recommendations below.
If you are a PMM customer, please upgrade your macOS with the latest security updates, including the update for CVE-2021-3156, and then upgrade PMM to 21.1 SR1.