Critical Heap Buffer Overflow in Sudo Plaguing Tyco Illustra Cameras

  • Several Tyco Illustra camera models deployed worldwide are vulnerable to a privilege escalation flaw.
  • There are fixing upgrades available for all vulnerable models except for one that has reached EOL.
  • Exploiting the flaw isn’t complicated and doesn’t require authentication, but presupposes physical access.

CISA has published an alert to inform users of Tyco Illustra cameras about CVE-2021-3156, a critical heap-based buffer overflow vulnerability in Sudo that could let an attacker gain administrator access to the underlying Linux OS. Exploiting the flaw is straightforward, with little complexity involved, and the fact that the affected products are deployed in critical manufacturing environments across the globe makes the situation serious.

The flaw affects a wide range of products that use the Sudo program, all versions before 1.9.5p2, including several Tyco camera models. Exploiting it requires local access to the device, which somewhat lessens the severity, but any unprivileged local user can carry out the attack without needing to authenticate. Several Linux distributions have already published advisories and updated their Sudo packages to prevent exploitation.

The vulnerable cameras carry the Tyco brand, but they are made by ‘Sensormatic Electronics,’ a subsidiary of Johnson Controls. The models that are affected by the flaw are the following:

  • Pro Gen 3, All versions prior to 2.8.0
  • Flex Gen 2, All versions prior to 1.9.4
  • Pro 2, All versions
  • Insight, All versions prior to 1.4.0
Source: Johnson Controls

Upgrading to the versions indicated above resolves the problem. Unfortunately, all Pro 2 versions are vulnerable, and there will be no fix for the particular model as it has already reached its end of life and is no longer supported by the vendor. In addition to applying the updates, users are advised to restrict physical access to the device to authorized personnel only and ensure that the principles of “least privilege” are followed in the organization.
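A defender auditing a fleet needs two checks from the information above: whether the Sudo build on a host is older than the fixed release (1.9.5p2), and whether a camera's model and firmware fall inside the affected ranges in the vendor list. The script below is an added example written for this article; it is not code from CISA, Johnson Controls or the Sudo project. The advisory table and the 1.9.5p2 cut-off are taken from the text; the sample `sudo --version` output and the firmware numbers used for illustration are constructed. It compares plain version numbers only, so for distribution packages that backport the fix without bumping the version (common on Debian, Ubuntu and RHEL), the distribution's own advisory is authoritative and this check is only a first pass.

```python
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

# Fixed Sudo release, as stated in the advisory summarised above.
FIXED_SUDO = "1.9.5p2"

# Affected Illustra models and the firmware that resolves the flaw (from the
# Johnson Controls list). None means every version is affected and, because
# the model is end-of-life, no fix will be released.
ILLUSTRA_FIXED: Dict[str, Optional[str]] = {
    "Pro Gen 3": "2.8.0",
    "Flex Gen 2": "1.9.4",
    "Pro 2": None,
    "Insight": "1.4.0",
}


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn '1.9.5p2', '1.8.31' or a `sudo --version` banner into a comparable tuple.

    Sudo's optional 'pN' suffix is its patch level; a release without one is
    treated as patch level 0 so that 1.9.5 sorts before 1.9.5p1.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        return None
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def sudo_is_vulnerable(version_text: str, fixed: str = FIXED_SUDO) -> Optional[bool]:
    """True if the version is older than the fixed release, None if unparseable.

    Caveat: distributions often backport the fix without changing the version
    string, so a True result means 'check the distro advisory', not 'exploitable'.
    """
    installed = parse_sudo_version(version_text)
    if installed is None:
        return None
    return installed < parse_sudo_version(fixed)


def installed_sudo_version() -> Optional[str]:
    """Return the first line of `sudo --version` on this host, or None if absent."""
    if shutil.which("sudo") is None:
        return None
    out = subprocess.run(["sudo", "--version"], capture_output=True, text=True)
    return out.stdout.splitlines()[0] if out.stdout else None


def parse_firmware(version: str) -> Tuple[int, int, int]:
    """Parse dotted camera firmware such as '2.7.1'; missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def camera_is_vulnerable(model: str, firmware: str) -> Optional[bool]:
    """Check a camera against the advisory list.

    Returns None when the model is not in the advisory at all, True for
    every version of an end-of-life model, otherwise a plain version compare.
    """
    if model not in ILLUSTRA_FIXED:
        return None
    fixed = ILLUSTRA_FIXED[model]
    if fixed is None:
        return True
    return parse_firmware(firmware) < parse_firmware(fixed)


if __name__ == "__main__":
    # Constructed banner in the shape `sudo --version` prints on an older host.
    sample_banner = "Sudo version 1.8.31\nSudoers policy plugin version 1.8.31"
    print("sample host vulnerable:", sudo_is_vulnerable(sample_banner))
    live = installed_sudo_version()
    print("this host:", live, "->", None if live is None else sudo_is_vulnerable(live))
    # Constructed inventory rows: (model, firmware) pairs to audit.
    for model, fw in [("Pro Gen 3", "2.7.9"), ("Pro 2", "3.1.0"), ("Insight", "1.4.0")]:
        print(f"{model} {fw}: vulnerable={camera_is_vulnerable(model, fw)}")
```

Run it on a host to get a first-pass answer for the local Sudo, and feed camera inventory rows into `camera_is_vulnerable` to find units that still need the firmware listed above; a Pro 2 comes back True regardless of firmware, which is the signal to replace or isolate the device.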

In general, when using surveillance systems in sensitive environments, following an insider threat prevention strategy is key. Perform frequent risk assessments, apply patches as soon as they come out, use data encryption and MFA wherever possible, actively monitor all access, lock server rooms, document all electronics in the premises, and define access zones with certain privilege tiers.
