Recently, a new security issue with Linux came to light (https://nvd.nist.gov/vuln/detail/CVE-2021-3156), which could allow a user to gain root access of a server. This is using the “sudoedit” command, which is used to give users elevated privileges (but not root access) in some cases.
The first question a website / server owner should ask here is “Is my server vulnerable to this?” – if so, the next question is “who needs to fix it and how?”. In this particular case, only servers which allow normal “user” access need to be immediately concerned.
If you run / own a dedicated server with only trusted user accounts, the urgency to get patched is not as high. For sure, you should get it done, but it’s unlikely someone could exploit this bug.
If, however, you run a multi-user system with many untrusted users logging in, you probably need to act quickly. Once these bugs are revealed publicly, hackers will look to exploit them. Many hosting companies run jailed-shells, or otherwise restricted shells, so they may not be vulnerable. If you have a more vanilla Linux installation with multiple user accounts, you should get this patched.
Comments Off on Linux security issue | Security