  • 919 East Hillsdale Boulevard, Town Center, Foster City, California, 94404, United States Founded: 1999 Employees: 251-1.000 info@qualys.com 1(800) 745-4355

    Qualys

    The Qualys Cloud Platform and integrated suite of solutions help businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications.

    Used by more than 7,700 customers in over 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100, the Qualys Cloud Platform performs more than 1 billion IP scans/audits a year resulting in over 400 billion security events.

    Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

    The Qualys Cloud Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, questionnaire service, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

    • Security flaw in Sudo - Heap-Based Buffer Overflow allows root access

      A new security flaw has been identified in the sudo software. Sudo, which is installed by default in many operating systems, is setuid root by default. This means that any flaw in it can let local users obtain root permissions.
      Over the years, sudo has also grown larger as more features have been added. Among other things, this has led to OpenBSD now having an alternative called doas.
      Yesterday, the American security company Qualys reported that they had identified a vulnerability in sudo (CVE-2021-3156). The vulnerability allows a local user to exploit a heap-based buffer overflow and thus become root. The bug has been around since 2011 and is present in the standard configuration. That is worth pointing out, because many vulnerabilities discovered in sudo require special configurations.
      The vulnerability is found in the set_cmnd() function and can be most easily triggered by using sudoedit and the following command:

      sudoedit -s '\' `perl -e 'print "A" x 65536'`

      If you are vulnerable, you get a segfault. Note that you need a local account, but it does not have to be a member of sudoers or similar. Also, not all installations have sudoedit; macOS, for example, does not.
