I  am running Sudo version 1.8.20p2 on AIX7.1.   I have followed  the steps outlined in the IBM Power Systems Community site to check if my current sudo version is vulnerable to the security issue reported in CVE-2021-3156.  Below are the results.

[/opt/sudo]>./bin/sudoedit -s
usage: sudoedit [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...

[/opt/sudo]>./bin/sudoedit -s /
Password:

According to the explanation my sudo version is not vulnerable.   

Can IBM confirm that my version is not vulnerable?

Below is the link to the article:
AIX Open Source

------------------------------
Nejdet Sami
------------------------------

#AIXOpenSource

Hey Nej,

That's is vulnerable.

A vulnerable version of sudo will either prompt for a password or display an error similar to:

sudoedit: /: not a regular file

https://www.sudo.ws/alerts/unescape_overflow.html

------------------------------
Dennis Mathews
------------------------------

Original Message:
Sent: Wed March 17, 2021 12:12 AM
From: Nejdet Sami
Subject: Testing vulnerability reported in CVE-2021-3156 for SUDO running on AIX

I  am running Sudo version 1.8.20p2 on AIX7.1.   I have followed  the steps outlined in the IBM Power Systems Community site to check if my current sudo version is vulnerable to the security issue reported in CVE-2021-3156.  Below are the results.

[/opt/sudo]>./bin/sudoedit -s
usage: sudoedit [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...

[/opt/sudo]>./bin/sudoedit -s /
Password:

According to the explanation my sudo version is not vulnerable.   

Can IBM confirm that my version is not vulnerable?

Below is the link to the article:
AIX Open Source

------------------------------
Nejdet Sami
------------------------------

#AIXOpenSource

Original Message:
Sent: 3/18/2021 1:22:00 PM
From: Dennis Mathews
Subject: RE: Testing vulnerability reported in CVE-2021-3156 for SUDO running on AIX

Hey Nej,

That's is vulnerable.

A vulnerable version of sudo will either prompt for a password or display an error similar to:

sudoedit: /: not a regular file

https://www.sudo.ws/alerts/unescape_overflow.html

------------------------------
Dennis Mathews
------------------------------

Original Message:
Sent: Wed March 17, 2021 12:12 AM
From: Nejdet Sami
Subject: Testing vulnerability reported in CVE-2021-3156 for SUDO running on AIX

I  am running Sudo version 1.8.20p2 on AIX7.1.   I have followed  the steps outlined in the IBM Power Systems Community site to check if my current sudo version is vulnerable to the security issue reported in CVE-2021-3156.  Below are the results.

[/opt/sudo]>./bin/sudoedit -s
usage: sudoedit [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...

[/opt/sudo]>./bin/sudoedit -s /
Password:

According to the explanation my sudo version is not vulnerable.   

Can IBM confirm that my version is not vulnerable?

Below is the link to the article:
AIX Open Source

------------------------------
Nejdet Sami
------------------------------

#AIXOpenSource