Decade-Old Sudo Flaw Discovered
A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.
Sudo is the venerable tool that allows standard users to run admin tasks on Linux distributions. Without sudo, users would have to log into the system as the root user (or change to the root user with the su command), in order to run admin commands. Seeing as how that is looked upon as a security risk, sudo has become a required tool for many Linux admins and users.
However, it has been discovered (by researchers at Qualys) that, for nearly a decade, sudo contained a heap-based buffer overflow vulnerability. This bug could allow any unprivileged user to gain root privileges using the default sudo configuration.
The vulnerability was introduced to sudo in July 2011, by way of commit 8255ed69 and effects the following versions of sudo:
- Legacy versions from 1.8.2 to 1.8.31p2
- Stable versions from 1.9.0 to 1.9.5p1
Qualys researchers have been able to verify the vulnerability and even develop multiple exploit variants to obtain full root privileges on Ubuntu 20.04, Debian 1, and Fedora 33.
A new version of sudo (v 1.9.5p2) has been created to patch the vulnerability. It is imperative that all Linux admins and users update their systems (servers and/or desktops) immediately, so their version of sudo is patched.
For more information on this vulnerability, read the official CVE record.
Issue 252/2021
Buy this issue as a PDF
News
-
GNOME 41 Has Arrived
The latest version of the GNOME desktop environment has been released with new functionality and plenty of improvements.
-
System76 Updates the 15" Pangolin with Ryzen
System76 announced they’re updating the Ryzen-powered Pangolin laptop to meet today’s need for more power.
-
KDE Plasma 5.23 Promises Plenty of Subtle Improvements
The next release of the KDE Plasma desktop includes new features, numerous improvements, and plenty of bug fixes.
-
GNOME 41 Beta is Now Available
The most popular open-source desktop environment is on the cusp of yet another new release, but don’t expect the massive changes found in the previous iteration.
-
Debian 11 “Bullseye” Now Available
The developers of Debian have released the latest version of the operating system so many distributions depend on.
-
Elementary OS 6 Odin Now Available
The developers of elementary OS have released their latest iteration which is all-in on Flatpaks and all about the user experience.
-
Kubuntu Focus Team Announces High-Performance Focus XE
The team behind the KDE-powered Linux laptops is now offering an ultra-portable laptop that doesn't skimp on performance.
-
Solus 4.3 Available for Download and Installation
The latest iteration from the Solus developers is out with kernel 5.13 and plenty of new features, bug fixes, and new hardware support.
-
Steam Deck Linux-Powered Gaming System Set to Take Over the Handheld World
A Linux and KDE-powered portable gaming platform is set to be released by Valve.
-
Linux Mint 20.2 Available and Better Than Ever
The developers of Linux Mint have gone a long way to perfecting the desktop experience.