vulnerability – How to disable sudo on CentOS 6 to prevent CVE-2021-3156?

How to disable sudo on CentOS 6 to prevent CVE-2021-3156?

chmod 0644 /usr/bin/sudo will effectively disable sudo for non-root users. It removes the setguid bit, so sudo will work as epxected for scripts executed by root, but not for other users.

Do we have other fix for CVE-2021-3156 on CentOS 6 except disabling sudo?

Upgrade to a supported release. If you run CentOS 6 with untrusted local users, it’s probably just a matter of time before a new local privilege escalation surfaces.

Will we be able to execute su – after disabling sudo?

Yes.