Patching Baron Samedit - An Urgent and Daunting Task Across the Always-On Enterprise

As you may be aware, Qualys announced in a blog post last week they have discovered a long-standing, major vulnerability in Linux ecosystems which has existed for 10 years. Furthermore, they helped in getting a patch developed and released for it - Sudo v1.9.5p2.

The newly discovered Linux vulnerability, named ‘Baron Samedit’ (also known as CVE-2021-3156), is quite significant, since a low-privileged user can gain admin access by following a few simple steps – in essence, the vulnerability is caused by a heap-based buffer overflow in Sudo. It is safe to assume that the majority of the world’s Linux systems (including cloud and potentially some IoTs) have been subject to the vulnerability and, unless they are patched, the vulnerability will persist.

ITRS products have not been affected by Baron Samedit; however, it is important that the clients inspect the underlying Unix-like / Linux operating systems on which ITRS products are installed. The Sudo programs should be upgraded to the latest version – that is Sudo v1.9.5p2. A comprehensive repository of the binaries for patching the vulnerable operating systems can be found here.

The task of identifying machines with this type of vulnerability and applying the corresponding patches could be daunting and may cause a degree of disruption in any operational environment which relies on information technology; this is particularly true for the always-on enterprises. Depending on the size of the organization, there could be tens of thousands and, in certain cases, millions of operating systems which need to be patched; therefore, capacity planning and resource monitoring will be key to success during an intense patching period where server availability and performance are affected.