CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

01/26/2021 | 01:18pm EST

The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.

Sudo is a powerful utility that's included in most if not all Unix- and Linux-based OSes. It allows users to run programs with the security privileges of another user. The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.
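A version triage for the ranges stated above, as an added example that is not part of the Qualys advisory or of sudo itself. It assumes the input is a bare version string or the "Sudo version X" line printed by `sudo -V`; the host names are constructed. Distributions often backport fixes without changing the upstream version, so an in-range result is a prompt to check the package changelog, not proof of exposure.

```python
import re

# Upstream ranges quoted from the advisory text (inclusive bounds).
AFFECTED_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

# major.minor.micro with an optional "pN" patch level, e.g. 1.8.31p2
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from a bare version string or
    the "Sudo version X" line printed by `sudo -V`; None if not found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def in_affected_range(text):
    """True/False for a parseable version, None when it cannot be parsed."""
    version = parse_sudo_version(text)
    if version is None:
        return None
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(inventory):
    """Map host -> 'in-range', 'out-of-range' or 'unknown'."""
    labels = {True: "in-range", False: "out-of-range", None: "unknown"}
    return {host: labels[in_affected_range(out)] for host, out in inventory.items()}


# Constructed inventory: the first three versions are the ones the advisory
# names for Ubuntu 20.04, Debian 10 and Fedora 33; the rest are made up.
SAMPLE = {
    "ubuntu-2004": "Sudo version 1.8.31",
    "debian-10": "Sudo version 1.8.27",
    "fedora-33": "Sudo version 1.9.2",
    "legacy-box": "Sudo version 1.8.1p2",
    "newer-box": "Sudo version 1.9.5p2",
    "broken-agent": "sudo: command not found",
}

if __name__ == "__main__":
    for host, label in sorted(triage(SAMPLE).items()):
        print(f"{host:14} {label}")
```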

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have independently verified the vulnerability and developed multiple exploit variants, obtaining full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). Other operating systems and distributions are also likely to be exploitable.

As soon as the Qualys Research Team confirmed the vulnerability, Qualys engaged in responsible vulnerability disclosure and coordinated with sudo's author and open source distributions to announce the vulnerability.

Disclosure Timeline
  • 2021-01-13: Advisory sent to Todd.Miller@sudo
  • 2021-01-19: Advisory and patches sent to distros@openwall
  • 2021-01-26: Coordinated Release Date (6:00 PM UTC)

Technical Details

If Sudo is executed to run a command in "shell" mode (shell -c command):

  • either through the -s option, which sets Sudo's MODE_SHELL flag; or
  • through the -i option, which sets Sudo's MODE_SHELL and MODE_LOGIN_SHELL flags;

then, at the beginning of Sudo's main(), parse_args() rewrites argv (lines 609-617), by concatenating all command-line arguments (lines 587-595) and by escaping all meta-characters with backslashes (lines 590-591):
-------------------------------------------------------------------- 
571     if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) { 
572         char **av, *cmnd = NULL; 
573         int ac = 1; 
... 
581             cmnd = dst = reallocarray(NULL, cmnd_size, 2); 
... 
587             for (av = argv; *av != NULL; av++) { 
588                 for (src = *av; *src != '

© Publicnow 2021