{"id":20710,"date":"2021-01-28T10:58:57","date_gmt":"2021-01-28T02:58:57","guid":{"rendered":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/?p=20710"},"modified":"2021-01-28T11:02:33","modified_gmt":"2021-01-28T03:02:33","slug":"%e3%80%90%e8%b3%87%e5%ae%89%e8%ad%a6%e8%a8%8a%e3%80%91%e5%ad%b8%e6%a0%a1%e6%9c%89%e4%bd%bf%e7%94%a8linux%e7%9b%b8%e9%97%9c%e7%89%88%e6%9c%ac%e7%b3%bb%e7%b5%b1%ef%bc%8c%e8%ab%8b%e8%a8%98%e5%be%97","status":"publish","type":"post","link":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/archives\/20710","title":{"rendered":"\u3010\u8cc7\u5b89\u8b66\u8a0a\u3011\u5b89\u5168\u5ee0\u5546Qualys\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u985eUnix\u4f5c\u696d\u7cfb\u7d71\u5e38\u7528\u7684Sudo\u7a0b\u5f0f\uff0c\u5b58\u5728\u4e00\u500b\u6b0a\u9650\u5347\u7d1a\u6f0f\u6d1e\uff0c\u5728\u9810\u8a2dSudo\u7d44\u614b\u60c5\u6cc1\u4e0b\uff0c\u4efb\u4f55\u4eba\u90fd\u80fd\u53d6\u5f97\u4e3b\u6a5f\u4e0a\u7684\u6839\u57f7\u884c\u6b0a\u9650\u3002"},"content":{"rendered":"

(\u8f49\u77e5)\u5b78\u6821\u6709\u4f7f\u7528Linux\u76f8\u95dc\u7248\u672c\u7cfb\u7d71\uff0c\u8acb\u8a18\u5f97\u9032\u884c\u66f4\u65b0\u3002<\/h3>\n

\u5b89\u5168\u5ee0\u5546Qualys\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u985eUnix\u4f5c\u696d\u7cfb\u7d71\u5e38\u7528\u7684Su<\/wbr>do\u7a0b\u5f0f\uff0c\u5b58\u5728\u4e00\u500b\u6b0a\u9650\u5347\u7d1a\u6f0f\u6d1e\uff0c\u5728\u9810\u8a2dSudo\u7d44\u614b\u60c5\u6cc1\u4e0b\uff0c<\/wbr>\u4efb\u4f55\u4eba\u90fd\u80fd\u53d6\u5f97\u4e3b\u6a5f\u4e0a\u7684\u6839\u57f7\u884c\u6b0a\u9650\u3002<\/h3>\n

Sudo\u662f\u4e00\u7a2e\u5de5\u5177\u7a0b\u5f0f\uff0c\u7528\u65bc\u5404\u7a2e\u985eUnix\u4f5c\u696d\u7cfb\u7d71\uff0c<\/wbr>\u5305\u62ecBSD\u3001Mac OS X\u4ee5\u53caGNU\/Linux\uff0c<\/wbr>\u5141\u8a31\u4e00\u822c\u4f7f\u7528\u8005\u4ee5\u53e6\u4e00\u4eba\u7684\u6839\u6b0a\u9650\u4f86\u57f7\u884c\u7a0b\u5f0f\u3002<\/p>\n

Qualys\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u7684\u6f0f\u6d1e\u5c6c\u65bcSudo\u7684\u5806\u7a4d\uff08heap-<\/wbr>based\uff09\u7de9\u885d\u6ea2\u4f4d\u6f0f\u6d1e\uff0c\u7de8\u865fCVE-2021-3156\u3002<\/wbr>\u5b83\u5728\u672c\u6a5f\u7528\u6236\u50b3\u9001sudoedit -s\u53ca\u4ee5\u55ae\u53cd\u659c\u7dda\uff08\\\uff09\u7d50\u5c3e\u7684\u6307\u4ee4\u884c\u53c3\u6578\u958b\u63a1\uff0c\u4efb\u4f55\u672c\u6a5f\u4f7f\u7528\u8005\uff08<\/wbr>\u5305\u62ec\u4e00\u822c\u4f7f\u7528\u8005\u548c\u7cfb\u7d71\u4f7f\u7528\u8005\u3001sudoer\u6216\u975esudoer\uff09<\/wbr>\u5728\u672a\u7d93\u9a57\u8b49\uff08\u5373\u7121\u9700\u77e5\u9053\u5bc6\u78bc\uff09\u90fd\u80fd\u8f15\u6613\u5b8c\u6210\u3002<\/wbr>\u6210\u529f\u958b\u63a1\u53ef\u9020\u6210\u6b0a\u9650\u64f4\u5f35\uff0c\u7121\u6b0a\u9650\u7684\u672c\u6a5f\u7528\u6236\u56e0\u6b64\u53d6\u5f97\u4e3b\u6a5f\u6839\u6b0a\u9650\uff0c<\/wbr>\u53ef\u80fd\u5371\u53ca\u8cc7\u6599\u96b1\u79c1\u6216\u5c0e\u81f4\u7cfb\u7d71\u88ab\u8b8a\u66f4\u6216\u7121\u6cd5\u4f7f\u7528\u3002\u9019\u9805\u6f0f\u6d1eCVSS 3.1\u98a8\u96aa\u8a55\u5206\u90547.0\uff0c\u5c6c\u4e2d\u9ad8\u5ea6\u98a8\u96aa\u3002<\/p>\n

\u9019\u9805\u6f0f\u6d1e\u5f9e2011\u5e747\u6708\u5c31\u5b58\u5728\uff0c\u7b49\u65bc\u516c\u958b\u5c07\u8fd110\u5e74\uff0c<\/wbr>\u9019\u500b\u6f0f\u6d1e\u5f71\u97ff\u6240\u6709\u5f9e1.8.2\u52301.8.31p2\u7684\u820a\u7248\u672c\uff0c<\/wbr>\u53ca\u5f9e1.9.0\u52301.9.5p1\u7684\u7a69\u5b9a\u7248\u672c\u3002<\/p>\n

Qualys\u7814\u7a76\u4eba\u54e1\u767c\u5c55\u4e86\u6578\u500b\u6982\u5ff5\u9a57\u8b49\u653b\u64ca\u7a0b\u5f0f\uff0c<\/wbr>\u4e26\u4e14\u6210\u529f\u5728Ubuntu 20.04 (Sudo 1.8.31)\u3001Debian 10 (Sudo 1.8.27)\u548cFedora 33 (Sudo 1.9.2)\u4e0a\uff0c\u53d6\u5f97\u5b8c\u6574\u6839\u6b0a\u9650\u3002<\/wbr>\u800c\u5176\u4ed6Linux\u7248\u672c\u548c\u4f5c\u696d\u7cfb\u7d71\uff0c\u53ef\u80fd\u4e5f\u540c\u6a23\u66dd\u96aa\u3002<\/p>\n

\u5b89\u5168\u516c\u53f8\u65bc\u4eca\u5e741\u6708\u4e2d\u767c\u73fe\u5f8c\uff0c\u901a\u5831Sudo\u7684\u958b\u767c\u7dad\u8b77\u55ae\u4f4d\u3002<\/wbr>Sudo\u5df2\u5728\u672c\u5468\u5b8c\u6210\u4fee\u88dc\u3002<\/p>\n

Red Hat\u3001SUSE\u3001<\/wbr>Ubuntu\u548cDebian\u4e5f\u5206\u5225\u767c\u5e03\u5b89\u5168\u516c\u544a\uff0c<\/wbr>\u547c\u7c72\u7528\u6236\u5118\u901f\u5347\u7d1a\u5230\u6700\u65b0\u7248\u672c\u7684Sudo\u5957\u4ef6\u3002\u6839\u64daRed Hat\u516c\u544a\uff0c\u9019\u9805\u6f0f\u6d1e\u9664\u4e86\u5f71\u97ffRed Hat Enterprise Linux 5-8\u7248\u5916\uff0c\u4e5f\u5f71\u97ffRed Hat OpenShift Container Platform 4.x\u7248\u3002<\/p>\n

RedHat:\u00a0https:\/\/access.redhat.<\/wbr>com\/security\/cve\/CVE-2021-3156<\/a><\/p>\n

Ubuntu:\u00a0https:\/\/ubuntu.com\/<\/wbr>security\/CVE-2021-3156<\/a><\/p>\n

\u8cc7\u6599\u4f86\u6e90:\u00a0https:\/\/www.ithome.com.tw\/<\/wbr>news\/142469<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

(\u8f49\u77e5)\u5b78\u6821\u6709\u4f7f\u7528Linux\u76f8\u95dc\u7248\u672c\u7cfb\u7d71\uff0c\u8acb\u8a18\u5f97\u9032\u884c\u66f4\u65b0\u3002 \u5b89\u5168\u5ee0\u5546Qualys\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u985eUnix\u4f5c\u696d\u7cfb\u7d71\u5e38\u7528\u7684Sudo\u7a0b\u5f0f\uff0c\u5b58\u5728\u4e00\u500b\u6b0a\u9650\u5347\u7d1a\u6f0f\u6d1e\uff0c\u5728\u9810\u8a2dSudo\u7d44\u614b\u60c5\u6cc1\u4e0b\uff0c\u4efb\u4f55\u4eba\u90fd\u80fd\u53d6\u5f97\u4e3b\u6a5f\u4e0a\u7684\u6839\u57f7\u884c\u6b0a\u9650\u3002 <\/p>\n

Sudo\u662f\u4e00\u7a2e\u5de5\u5177\u7a0b\u5f0f\uff0c\u7528\u65bc\u5404\u7a2e\u985eUnix\u4f5c\u696d\u7cfb\u7d71\uff0c\u5305\u62ecBSD\u3001Mac OS X\u4ee5\u53caGNU\/Linux\uff0c\u5141\u8a31\u4e00\u822c\u4f7f\u7528\u8005\u4ee5\u53e6\u4e00\u4eba\u7684\u6839\u6b0a\u9650\u4f86\u57f7\u884c\u7a0b\u5f0f\u3002<\/p>\n

Qualys\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u7684\u6f0f\u6d1e\u5c6c\u65bcSudo\u7684\u5806\u7a4d\uff08heap-based\uff09\u7de9\u885d\u6ea2\u4f4d\u6f0f\u6d1e\uff0c\u7de8\u865fCVE-2021-3156\u3002\u5b83\u5728\u672c\u6a5f\u7528\u6236\u50b3\u9001sudoedit -s\u53ca\u4ee5\u55ae\u53cd\u659c\u7dda\uff08\\\uff09\u7d50\u5c3e\u7684\u6307\u4ee4\u884c\u53c3\u6578\u958b\u63a1\uff0c\u4efb\u4f55\u672c\u6a5f\u4f7f\u7528\u8005\uff08\u5305\u62ec\u4e00\u822c\u4f7f\u7528\u8005\u548c\u7cfb\u7d71\u4f7f\u7528\u8005\u3001sudoer\u6216\u975esudoer\uff09\u5728\u672a\u7d93\u9a57\u8b49\uff08\u5373\u7121\u9700\u77e5\u9053\u5bc6\u78bc\uff09\u90fd\u80fd\u8f15\u6613\u5b8c\u6210\u3002\u6210\u529f\u958b\u63a1\u53ef\u9020\u6210\u6b0a\u9650\u64f4\u5f35\uff0c\u7121\u6b0a\u9650\u7684\u672c\u6a5f\u7528\u6236\u56e0\u6b64\u53d6\u5f97\u4e3b\u6a5f\u6839\u6b0a\u9650\uff0c\u53ef\u80fd\u5371\u53ca\u8cc7\u6599\u96b1\u79c1\u6216\u5c0e\u81f4\u7cfb\u7d71\u88ab\u8b8a\u66f4\u6216\u7121\u6cd5\u4f7f\u7528\u3002\u9019\u9805\u6f0f\u6d1eCVSS 3.1\u98a8\u96aa\u8a55\u5206\u90547.0\uff0c\u5c6c\u4e2d\u9ad8\u5ea6\u98a8\u96aa\u3002<\/p>\n

\u9019\u9805\u6f0f\u6d1e\u5f9e2011\u5e747\u6708\u5c31\u5b58\u5728\uff0c\u7b49\u65bc\u516c\u958b\u5c07\u8fd110\u5e74\uff0c\u9019\u500b\u6f0f\u6d1e\u5f71\u97ff\u6240\u6709\u5f9e1.8.2\u52301.8.31p2\u7684\u820a\u7248\u672c\uff0c\u53ca\u5f9e1.9.0\u52301.9.5p1\u7684\u7a69\u5b9a\u7248\u672c\u3002<\/p>\n

Qualys\u7814\u7a76\u4eba\u54e1\u767c\u5c55\u4e86\u6578\u500b\u6982\u5ff5\u9a57\u8b49\u653b\u64ca\u7a0b\u5f0f\uff0c\u4e26\u4e14\u6210\u529f\u5728Ubuntu 20.04 (Sudo 1.8.31)\u3001Debian 10 (Sudo 1.8.27)\u548cFedora 33 (Sudo 1.9.2)\u4e0a\uff0c\u53d6\u5f97\u5b8c\u6574\u6839\u6b0a\u9650\u3002\u800c\u5176\u4ed6Linux\u7248\u672c\u548c\u4f5c\u696d\u7cfb\u7d71\uff0c\u53ef\u80fd\u4e5f\u540c\u6a23\u66dd\u96aa\u3002<\/p>\n

\u5b89\u5168\u516c\u53f8\u65bc\u4eca\u5e741\u6708\u4e2d\u767c\u73fe\u5f8c\uff0c\u901a\u5831Sudo\u7684\u958b\u767c\u7dad\u8b77\u55ae\u4f4d\u3002Sudo\u5df2\u5728\u672c\u5468\u5b8c\u6210\u4fee\u88dc\u3002<\/p>\n

Red Hat\u3001SUSE\u3001Ubuntu\u548cDebian\u4e5f\u5206\u5225\u767c\u5e03\u5b89\u5168\u516c\u544a\uff0c\u547c\u7c72\u7528\u6236\u5118\u901f\u5347\u7d1a\u5230\u6700\u65b0\u7248\u672c\u7684Sudo\u5957\u4ef6\u3002\u6839\u64daRed Hat\u516c\u544a\uff0c\u9019\u9805\u6f0f\u6d1e\u9664\u4e86\u5f71\u97ffRed Hat Enterprise Linux 5-8\u7248\u5916\uff0c\u4e5f\u5f71\u97ffRed Hat OpenShift Container Platform 4.x\u7248\u3002<\/p>\n

RedHat: https:\/\/access.redhat.com\/security\/cve\/CVE-2021-3156<\/p>\n

Ubuntu: https:\/\/ubuntu.com\/security\/CVE-2021-3156<\/p>\n

\u8cc7\u6599\u4f86\u6e90: https:\/\/www.ithome.com.tw\/news\/142469<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/20710"}],"collection":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=20710"}],"version-history":[{"count":0,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/20710\/revisions"}],"wp:attachment":[{"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=20710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=20710"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=20710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}