For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Barny_Riches's avatar
Barny_Riches
Icon for Altostratus rankAltostratus
Jan 27, 2021

CVE-2021-3156 | SUDO Heap-based Buffer Overflow

Are any of the BIG-IP versions affected by the recent SUDO vulnerability announcement? I have checked our F5 estate and I don't believe that the SUDO package is installed or used, but I just want to ...
BIG-IP
security
DMan's avatar
DMan
Icon for Nimbostratus rankNimbostratus
Jan 27, 2021

F5s seems to be vulnerable, to confirm, see below:

 

How can I test if I have vulnerable version?

To test if a system is vulnerable or not, login to the system as a non-root user.

Run command “sudoedit -s /”

If the system is vulnerable, it will respond with an error that starts with “sudoedit:”

If the system is patched, it will respond with an error that starts with “usage:”

Barny_Riches's avatar
Barny_Riches
Icon for Altostratus rankAltostratus
Jan 27, 2021

Thanks for the reply, that's interesting. My BIG-IP (15.1.04) instances return:

sudoedit: command not found

Running an rpm -qa query also doesn't show sudo being installed. Could sudo be installed on some versions and not others?