流觞1.1 官网
https://www.sudo.ws/download_mirrors.html
1.2 测试是否存在漏洞
# 基本都存在
[******@localhost ~]$ sudoedit -s '' `perl -e 'print "A" x 65536'`
Segmentation fault -显示这个基本就存在漏洞了
# 升级建议
sudo =>1.9.5p2
1.3 下载各系统安装包
- centos 5 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-1.9.5-3.el5.x86_64.rpm
- centos 6 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-1.9.5-3.el6.x86_64.rpm
- centos 7 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-1.9.5-3.el7.x86_64.rpm
- ubuntu 16.04 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo_1.9.5-3_ubu1604_amd64.deb
- ubuntu 18.04 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-ldap_1.9.5-3_ubu1804_amd64.deb
- ubuntu 20.04 https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo_1.9.5-3_ubu2004_amd64.deb
1.4 centos升级sudo
- 已测试 centos6和centos7 没发现问题
[root@localhost ******]# rpm -Uvh sudo-1.9.5-3.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:sudo-1.9.5-3.el7 ################################# [ 50%]
Cleaning up / removing...
2:sudo-1.8.23-4.el7 ################################# [100%]
[******@localhost ~]$ sudo -V
Sudo version 1.9.5p2
Sudoers policy plugin version 1.9.5p2
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.5p2
Sudoers audit plugin version 1.9.5p2
1.5 漏洞验证-修复完成
[******@localhost ~]$ sudoedit -s '' `perl -e 'print "A" x 65536'`
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
