February 10, 2021
RE: CVE-2021-3156 and Implications for INSIGHT DLP Appliances
Dear INSIGHT Appliance Customer:
As you may be aware, on January 26, 2021 the Qualys research team disclosed CVE-2021-3156, a heap-based buffer overflow in the sudo application that allows any unprivileged local user to gain root privileges on Linux without requiring a password. Updated versions of sudo that address this vulnerability have been released.
The INSIGHT Development team is aware of this vulnerability and has been running tests to study the impact it could have for our customers. Due to the hardened environment and the restrictions implemented on all INSIGHT Appliances, the published exploit is already mitigated: our testing of current IDACT releases has shown that, even without an updated or patched sudo package, the exploit cannot be carried out successfully. At this time, there is no indication that this exploit can be run on INSIGHT Appliances. We are nevertheless preparing new IDACT releases, to be provided shortly, that update the sudo package and remove the vulnerability entirely.
Below are the details on how this may apply to the INSIGHT DLP Appliances:
CVE-2021-3156 will be patched in the next IDACT update, IDACT 3.0-5. This update contains sudo version sudo-1.8.23-10*, an updated package that addresses this issue. When IDACT 3.0-5 is released, an announcement will be sent to all customers.
For additional information, please see: https://linux.oracle.com/errata/ELSA-2021-0221.html
CVE-2021-3156 will be addressed in the next IDACT update, IDACT 2.1-25. This update contains sudo version sudo-1.8.6p3-29.0.2.*, an updated package that addresses this issue. When IDACT 2.1-25 is released, an announcement will be sent to all customers.
For additional information, please see: https://linux.oracle.com/errata/ELSA-2021-9019.html
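The following script is an added example for readers who want to verify the state of a host themselves; it is not part of the INSIGHT advisory and not INSIGHT's code. It runs the non-destructive probe Qualys published with the disclosure (as a non-root user, run "sudoedit -s /": a vulnerable sudo answers with an error starting "sudoedit:", a patched sudo prints its "usage:" text) and reports the installed sudo package so it can be compared with the versions named above. The function names, the "check" subcommand and the sample output strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the INSIGHT advisory): probe a host for CVE-2021-3156
# using the test Qualys published alongside the disclosure. The probe never
# edits a file and never gains privileges; it only inspects sudo's response.

# Classify the combined stdout/stderr of "sudoedit -s /".
# Per the Qualys advisory: vulnerable sudo replies with an error beginning
# "sudoedit:" (typically "sudoedit: /: not a regular file"); patched sudo
# rejects the combination of -s and -e up front and prints its usage text.
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;   # sudoedit missing, or unexpected output
    esac
}

# Run the probe. The published test is defined for a non-root user, so this
# conservatively refuses to run as root rather than report a misleading result.
probe_sudoedit() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "run this probe as a non-root user" >&2
        return 2
    fi
    # stdin from /dev/null: the answer comes before any password prompt,
    # and a missing tty must not make the probe hang.
    out=$(sudoedit -s / 2>&1 </dev/null)
    classify_sudoedit_output "$out"
}

# Report the installed sudo package. On RPM-based systems such as Oracle Linux
# this gives the NVR to compare against the fixed package named in the errata;
# elsewhere fall back to sudo's own version banner.
report_sudo_package() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q sudo
    else
        sudo --version 2>/dev/null | head -n 1
    fi
}

main() {
    printf 'installed sudo: %s\n' "$(report_sudo_package)"
    result=$(probe_sudoedit) || return $?
    printf 'CVE-2021-3156 probe: %s\n' "$result"
    [ "$result" = patched ]
}

# Run only when invoked as "sh check_sudo.sh check" (hypothetical file name),
# so the functions can also be sourced without triggering the probe.
case "${1:-}" in
    check) main ;;
esac
```

Invoke it as an ordinary user with the `check` argument; the exit status is 0 only when the probe classifies sudo as patched. A "vulnerable" or "unknown" result on an appliance is the cue to compare the reported package against the fixed versions listed above (sudo-1.8.23-10* for IDACT 3.0-5, sudo-1.8.6p3-29.0.2.* for IDACT 2.1-25) and to apply the corresponding IDACT update when it is released; the appliance restrictions described in this letter reduce exploitability but do not replace the patched package.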
If you have any questions or concerns, please contact the INSIGHT Support Team.
INSIGHT Support Team