Critical Heap Buffer Overflow in Sudo Plaguing Tyco Illustra Cameras

  • Several models of Tyco Illustra cameras deployed globally are vulnerable to privilege elevation exploits.
  • Fixed firmware is available for every vulnerable model except one that has reached end of life.
  • Exploiting the flaw isn’t complicated and doesn’t require authentication, but presupposes physical access.

CISA has published an alert to inform users of Tyco Illustra cameras about CVE-2021-3156, a critical heap buffer overflow vulnerability in Sudo that could let an attacker obtain administrator access to the underlying Linux OS. Exploitation is simple, with little complexity involved, and the fact that the affected products are deployed in critical manufacturing facilities across the globe makes the situation considerably worse.

The flaw affects a wide range of products that use the Sudo program, all versions before 1.9.5p2, and this includes several Tyco camera models. Exploiting it requires local access to the devices, which somewhat reduces the criticality, but it is open to unprivileged users who don’t need to authenticate in order to carry out the attack. Several Linux distributions have already published relevant advisories about this and updated their Sudo packages to prevent exploitation.

The vulnerable cameras carry the Tyco brand, but they are made by ‘Sensormatic Electronics,’ a subsidiary of Johnson Controls. The models that are affected by the flaw are the following:

  • Pro Gen 3, All versions prior to 2.8.0
  • Flex Gen 2, All versions prior to 1.9.4
  • Pro 2, All versions
  • Insight, All versions prior to 1.4.0
Source: Johnson Controls

Upgrading to the versions indicated above resolves the problem. Unfortunately, all Pro 2 versions are vulnerable, and there will be no fix for the particular model as it has already reached its end of life and is no longer supported by the vendor. In addition to applying the updates, users are advised to restrict physical access to the device to authorized personnel only and ensure that the principles of “least privilege” are followed in the organization.
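For administrators inventorying a fleet, the two facts above (Sudo releases before 1.9.5p2, and the per-model firmware thresholds from Johnson Controls) can be turned into a simple triage check. The following Python helper is an added example, not code from CISA, Johnson Controls or the Sudo project; the version threshold and model table are taken from this article, and the `sudo --version` output strings in the demo are constructed. Sudo version strings use a `pN` patch suffix (for example 1.8.31p2), so a naive string comparison gets the ordering wrong; the helper parses the suffix explicitly, treating a release without `pN` as older than its `p1`.

```python
import re
from typing import Dict, Optional, Tuple

# Threshold from the advisory: Sudo releases before 1.9.5p2 are affected.
SUDO_FIXED = "1.9.5p2"

# Affected Tyco Illustra models and the first fixed firmware, per Johnson Controls.
# None means every version is affected and no fix exists (Pro 2 has reached EOL).
ILLUSTRA_FIXED: Dict[str, Optional[str]] = {
    "Pro Gen 3": "2.8.0",
    "Flex Gen 2": "1.9.4",
    "Pro 2": None,
    "Insight": "1.4.0",
}

# Matches '1.9.5', '1.8.31p2', or the number inside 'Sudo version 1.8.31'.
_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, p-level) for the first version found in text.

    A release with no 'pN' suffix gets p-level 0, so '1.9.5' < '1.9.5p1' < '1.9.5p2'.
    Returns None when no version-looking token is present.
    """
    m = _VER_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def sudo_is_vulnerable(sudo_version_output: str) -> bool:
    """True when the reported upstream Sudo version is older than 1.9.5p2.

    Caveat: distributions often backport the fix without changing the upstream
    version number, so a hit here means 'check the distro advisory', not
    'confirmed vulnerable'.
    """
    ver = parse_version(sudo_version_output)
    if ver is None:
        raise ValueError(f"no Sudo version found in {sudo_version_output!r}")
    return ver < parse_version(SUDO_FIXED)


def camera_is_vulnerable(model: str, firmware: str) -> bool:
    """True when the given Illustra model/firmware pair is below its fixed release."""
    if model not in ILLUSTRA_FIXED:
        raise KeyError(f"model {model!r} is not in the advisory table")
    fixed = ILLUSTRA_FIXED[model]
    if fixed is None:
        return True  # Pro 2: all versions affected, no fix available
    fw = parse_version(firmware)
    if fw is None:
        raise ValueError(f"unparseable firmware version {firmware!r}")
    return fw < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample of what `sudo --version` prints on a Linux host.
    sample_output = "Sudo version 1.8.31\nSudoers policy plugin version 1.8.31\n"
    print("sudo vulnerable:", sudo_is_vulnerable(sample_output))
    # Constructed inventory entries, checked against the advisory table.
    for model, fw in [("Pro Gen 3", "2.7.9"), ("Flex Gen 2", "1.9.4"), ("Pro 2", "3.1.0")]:
        print(f"{model} {fw}: vulnerable={camera_is_vulnerable(model, fw)}")
```

Run the file directly to see the constructed inventory triaged; in practice you would feed it the real `sudo --version` output collected from each host and the firmware versions from your camera inventory, then confirm any hit against the vendor or distribution advisory before closing it.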

In general, when using surveillance systems in sensitive environments, following an insider threat prevention strategy is key. Perform frequent risk assessments, apply patches as soon as they come out, use data encryption and MFA wherever possible, actively monitor all access, lock server rooms, document all electronics in the premises, and define access zones with certain privilege tiers.
