SUDO Vulnerability – CVE-2021-3156 – “Baron Samedit” (Privilege Escalation)

SOFTWARE: Sudo
VENDOR LINK(s): https://www.sudo.ws/alerts/unescape_overflow.html
CVEs: CVE-2021-3156
OFFICIAL CVSS: Unknown at this time, but presumed high
TYPE: Privilege Escalation
NOTES: Has existed in the software for 10 years and requires a local user account to run code to escalate to SUDO rights.

DNSMasq Vulnerabilities Found

SOFTWARE: DNSmasq
SOFTWARE LINK(s): https://www.thekelleys.org.uk/dnsmasq/
CVEs: CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
NOTES: Dnsmasq versions 2.78 to 2.82 were all found to be affected by the three flaws. Researchers are calling it DNSpooq.

I have a Raspberry Pi running the ad-killing software called Pi-Hole – it's running DNSmasq. Simply put, there is a good chance this vulnerability […]