Tracked as CVE-2021-3156, a heap overflow bug in sudo dubbed “Baron Samedit” has been found recently. It allows an unprivileged user to gain root privileges on a vulnerable machine using a default sudo configuration.
The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.
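As an added example (not code from the article or from the sudo project), this Python sketch checks a sudo version string, or the first line of `sudo -V`, against the two affected upstream ranges quoted above. The function names are illustrative.

```python
import re
import shutil
import subprocess

# Affected upstream ranges as quoted in the article (both ends inclusive).
AFFECTED_RANGES = [
    ("1.8.2", "1.8.31p2"),  # legacy branch
    ("1.9.0", "1.9.5p1"),   # stable branch
]

# sudo versions look like 1.8.31 or 1.8.31p2 ("pN" is the patch level).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Parse a bare version or the first line of `sudo -V` into a sortable tuple."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, plevel = m.groups()
    # A missing patch level sorts below p1, so 1.9.5 < 1.9.5p1 < 1.9.5p2.
    return (int(major), int(minor), int(patch), int(plevel or 0))


def in_affected_range(text):
    """True if the version falls inside either range listed in the article."""
    version = parse_sudo_version(text)
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def check_local_sudo():
    """Return (version_line, affected) for the installed sudo, or None if absent."""
    path = shutil.which("sudo")
    if path is None:
        return None
    # `sudo -V` prints the version and needs no authentication.
    out = subprocess.run([path, "-V"], capture_output=True, text=True).stdout
    if not out.strip():
        return None
    first_line = out.splitlines()[0]
    return first_line, in_affected_range(first_line)


if __name__ == "__main__":
    print(check_local_sudo() or "sudo not found on PATH")
```

A version match is only a first-pass triage signal: distributions commonly backport fixes without changing the upstream version string, so confirm against the vendor's advisory for the installed package.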
2020-02-03: Looks like macOS is affected after all.
Check It Out: Buffer Overflow Bug Found in SUDO Dubbed ‘Baron Samedit’
As the bug was introduced in 2011, from the article, it seems unlikely that it would impact macOS, which forked from BSD Unix well over a decade earlier. Does anyone know if this is true?
Looks like macOS just might be impacted; they appear to be using the same sudo code base as everyone else, and we are able to cause a segmentation fault on fully updated Catalina and Big Sur. Notably, Apple left out a symbolic link for sudoedit, so it looks like an attacker will need to create that symbolic link somewhere to try to exploit Baron Samedit on macOS.