On January 26, 2021, the Qualys research team disclosed a heap overflow vulnerability (CVE-2021-3156) in sudo that allows any unprivileged local user to gain root privileges on Linux without a password. BeyondTrust PBsudo/Privilege Management for Unix & Linux Basic is affected by this CVE. Apple also acknowledged the issue and released macOS updates for this CVE on Feb 10, 2021. Based on Apple's macOS releases, we confirmed that Privilege Management for Mac (PMM) is also impacted by this CVE.
Affected Products
PBsudo/PMUL Basic < 10.3.2-10 (Note: PMUL Advanced is not affected)
PMM < 21.1 SR1
Details
PBsudo, a component within BeyondTrust's Privilege Management for Unix & Linux Basic (PMUL Basic), relies on a particular sudo plugin that contains the vulnerable section of code discovered by Qualys researchers.
Similarly, Endpoint Privilege Management for Mac (PMM) is affected because it also uses sudo plugin code. In conjunction with Apple's macOS releases, a service release for PMM 21.1 (PMM 21.1 SR1) has been made available to address this issue.
Impact
We believe there is a low likelihood of BeyondTrust products being targeted for exploitation via the sudo vulnerability. However, in keeping with best security practices, follow the solution recommendations below.
Solution
If you are a PBsudo/PMUL Basic customer, please contact Support.
If you are a PMM customer, please upgrade your macOS with the latest security updates, including the update for CVE-2021-3156, and then upgrade PMM to 21.1 SR1.
- macOS Big Sur
- macOS Catalina – Supplemental Update
- macOS Mojave – Security Update 2021-002
- The Privilege Management for Mac 21.1.1 download is available on the customer portal
- Release notes for PMM 21.1 SR1 are available here.
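To verify that the remediation above has actually been applied, an administrator needs to compare installed version strings against the fixed versions. The following POSIX shell script is an added example, not BeyondTrust's or sudo's own code: it normalises version strings such as "10.3.2-10", "21.1 SR1" or the first line of "sudo -V" into numeric fields and reports whether an installed version is below the threshold from the Affected Products section. It assumes that PMM 21.1 SR1 corresponds to the 21.1.1 build named in the download line, and that upstream sudo's first fixed release is 1.9.5p2 (this is from the sudo/Qualys disclosure and is not stated on this page). The product keys `pbsudo`, `pmm` and `sudo` and the inventory lines are constructed for the example.

```shell
#!/bin/sh
# Added example: version-threshold check for CVE-2021-3156 remediation.
# Not BeyondTrust's or sudo's own code; thresholds for the BeyondTrust
# products come from this advisory, sudo's from the upstream fix (assumption).

# vcmp A B: print "lt", "eq" or "gt" according to how version A sorts
# against version B. Every run of non-digits is treated as a separator, so
# "1.9.5p2" -> 1 9 5 2, "10.3.2-10" -> 10 3 2 10, "21.1 SR1" -> 21 1 1.
# Missing trailing fields count as 0, so 1.9.5 sorts below 1.9.5p2.
# Each argument must be a single line (e.g. the first line of "sudo -V").
vcmp() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        {
            gsub(/[^0-9]+/, " ")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) v[NR, i] = f[i] + 0
            c[NR] = n
        }
        END {
            m = (c[1] > c[2]) ? c[1] : c[2]
            for (i = 1; i <= m; i++) {
                x = v[1, i] + 0; y = v[2, i] + 0
                if (x < y) { print "lt"; exit }
                if (x > y) { print "gt"; exit }
            }
            print "eq"
        }'
}

# affected PRODUCT INSTALLED: succeed (exit 0) when INSTALLED is strictly
# below the first fixed version for PRODUCT. Product keys are constructed.
affected() {
    case "$1" in
        pbsudo|pmul-basic) fixed="10.3.2-10" ;;  # from the Affected Products list
        pmm)               fixed="21.1.1"    ;;  # PMM 21.1 SR1, shipped as 21.1.1
        sudo)              fixed="1.9.5p2"   ;;  # upstream sudo fix (assumption)
        *) echo "unknown product: $1" >&2; return 2 ;;
    esac
    [ "$(vcmp "$2" "$fixed")" = lt ]
}

# Constructed sample inventory (product, version); the values are made up.
inventory='pbsudo 10.3.1
pbsudo 10.3.2-10
pmm 21.1
pmm 21.1 SR1'

# Report each inventory line. "read" puts everything after the first word
# into $version, so "21.1 SR1" survives as one string.
printf '%s\n' "$inventory" | while read -r product version; do
    if affected "$product" "$version"; then
        echo "$product $version: AFFECTED (below fixed version)"
    else
        echo "$product $version: ok"
    fi
done

# If a local sudo exists, check its reported version too ("sudo -V" needs
# no privileges; its first line reads "Sudo version X.Y.Z").
if command -v sudo >/dev/null 2>&1; then
    v=$(sudo -V 2>/dev/null | head -n 1)
    if [ -n "$v" ]; then
        if affected sudo "$v"; then
            echo "local sudo ($v): AFFECTED, upgrade to 1.9.5p2 or later"
        else
            echo "local sudo ($v): ok"
        fi
    fi
fi
```

Run it on any host with sh and awk; the inventory lines are the only input it needs, so the same functions can be fed a real asset list one line at a time. Note that a vendor backport may fix the bug without bumping the upstream version string, so a "below threshold" result from the sudo check is a prompt to confirm against the distribution's changelog, not a finding on its own.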
References
https://blog.qualys.com/vulner...
http://cve.mitre.org/cgi-bin/c...
https://nvd.nist.gov/vuln/deta...
https://support.apple.com/en-u...