Sudo Vulnerability

Oct 15, 2019

Swapnil Bhartiya

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.

Related content

Decade-Old Sudo Flaw Discovered

A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.

more »
NEWS

In the news: Microsoft Edge Coming to Linux; Open Invention Network Backs Gnome Project Against Patent Troll; Fedora 31 Released; openSUSE OBS Can Now Build Windows WSL Images; Sudo Vulnerability; Hetzner Launches New Ryzen-Based Dedicated Root Servers; and IBM Joins the Mayflower Autonomous Ship Project.

more »
Command Line: Sudo and Passwords

Sudo provides the building blocks to secure your system exactly the way you want it.

more »
Microsoft Patents Sudo

A further patent by Microsoft brings the software patent discussion to a renewed boil: the software giant has claims on "sudo."

more »
Sudo and PolicyKit

If you give users who are usually supervised more scope to help themselves, they will need additional privileges. The sudo tool and the PolicyKit authorization service can control who does what on Linux.

more »

comments powered by Disqus

Issue 247/2021

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

News

Armbian 21.05 Now Available

The Armbian developers have released the latest update to the Debian-based Linux distribution geared for ARM and embedded devices.
StarLabs has Released Another Linux Laptop

A new 14" Linux laptop has been released by the company that created the 11" Star Lite and can be purchased with your choice of Linux distribution.
Ubuntu 21.04 Adds Support for Active Directory and Other Major Changes

Ubuntu

In a bid to help make Linux more viable for the business desktop, Canonical adds support for Active Directory and a few other notable changes.
GNOME 40 Available on openSUSE

The rolling release edition of openSUSE, Tumbleweed, now offers the latest version of the GNOME desktop.
Apple M1 Hardware Support to be Merged into Linux Kernel 5.13

Linux users will be able to install their favorite distribution on Apple’s M1-based hardware.
KDE Launches the Qt 5 Patch Collection

To support and maintain a stable Qt 5 for KDE Gears and Frameworks, KDE will maintain a patch collection.
Linux Creator Warns Next Kernel Could be Delayed

Kernel , Linux

Linus Torvalds has issued concern about the size of kernel 5.12 and possible delays for its release.
System76 Updates its Pangolin Laptop

Community , laptop

System76 has released a much-anticipated AMD version of their most popular laptop, the Pangolin.
New Debian-Based Distribution Arrives on the Market

TelOS is a new Debian-based Linux distribution with a customized, touch-screen-ready KDE Plasma 5 desktop.
System76 Releases New Thelio Desktop

One of the most ardent supporters of open source hardware has released a new desktop machine for home or office.

Sudo Vulnerability

Related content

Issue 247/2021

Buy this issue as a PDF

News

Tag Cloud