Sudo Vulnerability

Oct 15, 2019

Swapnil Bhartiya

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News

Fedora Continues 32-Bit Support

Fedora , Games , Linux

In a move that should come as a relief to some portions of the Linux community, Fedora will continue supporting 32-bit architecture.
Linux Kernel 6.17 Drops bcachefs

Filesystem , Kernel , Linux

After a clash over some late fixes and disagreements between bcachefs's lead developer and Linus Torvalds, bachefs is out.
ONLYOFFICE v9 Embraces AI

Artificial Inte... , open source , OpenOffice

Like nearly all office suites on the market (except LibreOffice), ONLYOFFICE has decided to go the AI route.
Two Local Privilege Escalation Flaws Discovered in Linux

Kernel , Linux , Security

Qualys researchers have discovered two local privilege escalation vulnerabilities that allow hackers to gain root privileges on major Linux distributions.
New TUXEDO InfinityBook Pro Powered by AMD Ryzen AI 300

Hardware , Linux , Notebook

The TUXEDO InfinityBook Pro 14 Gen10 offers serious power that is ready for your business, development, or entertainment needs.
Danish Ministry of Digital Affairs Transitions to Linux

LibreOffice , Linux , Windows

Another major organization has decided to kick Microsoft Windows and Office to the curb in favor of Linux.
Linux Mint 20 Reaches EOL

With Linux Mint 20 at its end of life, the time has arrived to upgrade to Linux Mint 22.
TuxCare Announces Support for AlmaLinux 9.2

AlmaLinux , Enterprise Linux , Security

Thanks to TuxCare, AlmaLinux 9.2 (and soon version 9.6) now enjoys years of ongoing patching and compliance.
Go-Based Botnet Attacking IoT Devices

IoT , Security , Systemd

Using an SSH credential brute-force attack, the Go-based PumaBot is exploiting IoT devices everywhere.
Plasma 6.5 Promises Better Memory Optimization

Desktop , Linux , Plasma

With the stable Plasma 6.4 on the horizon, KDE has a few new tricks up its sleeve for Plasma 6.5.

Sudo Vulnerability

Related content

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

News

Fedora Continues 32-Bit Support

Linux Kernel 6.17 Drops bcachefs

ONLYOFFICE v9 Embraces AI

Two Local Privilege Escalation Flaws Discovered in Linux

New TUXEDO InfinityBook Pro Powered by AMD Ryzen AI 300

Danish Ministry of Digital Affairs Transitions to Linux

Linux Mint 20 Reaches EOL

TuxCare Announces Support for AlmaLinux 9.2

Go-Based Botnet Attacking IoT Devices

Plasma 6.5 Promises Better Memory Optimization

Sudo Vulnerability

Related content

Subscribe to our Linux Newsletters Find Linux and Open Source Jobs Subscribe to our ADMIN Newsletters

Support Our Work

News

Tag Cloud

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters