Skip to main content
Skip table of contents

Handle the CVE-2021-3156 Vulnerability

A severe vulnerability has been found in Unix and Linux operating systems, that can affect Smart ID Digital Access componentThis article describes how to handle the vulnerability.

This is only a problem if you have added unprivileged users to the system. The default installation does not have any unprivileged users.

An unprivileged user can exploit the vulnerability using sudo, which can cause a heap overflow to elevate privileges to root, without authentication, or even get listed in the sudoers file. 

  1. Run this command to see if you have a vulnerable system:

    Check if you have a vulnerable system

    CODE 
    sudoedit -s /

     

    1. If you have a vulnerable system, the response is 

      sudoedit: /: not a regular file
  2. Depending on version, enter these commands to handle the vulnerability:

    1. For Digital Access 6.0.0 to 6.0.2

      For Digital Access 6.0.0 to 6.0.2

      CODE 
      sudo apt update
sudo apt install sudo=1.8.31-1ubuntu1.2

    2. For Digital Access 5.13.1 - 5.13.5

      For Digital Access 5.13.1 to 5.13.5

      CODE 
      sudo apt update 
sudo apt install sudo=1.8.21p2-3ubuntu1.4

  3. Run this command again:

    Check the system again for vulnerability

    CODE 
    sudoedit -s /

    1. The answer shall now be:

      Answer if system is not vulnerable

      CODE 
      usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close