Sudo Vulnerability

Oct 15, 2019

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.

Related content

comments powered by Disqus

Issue 37: Discover LibreOffice – 2019 Edition/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News