Sudo Vulnerability

Oct 15, 2019

Swapnil Bhartiya

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.

Related content

NEWS

In the news: Microsoft Edge Coming to Linux; Open Invention Network Backs Gnome Project Against Patent Troll; Fedora 31 Released; openSUSE OBS Can Now Build Windows WSL Images; Sudo Vulnerability; Hetzner Launches New Ryzen-Based Dedicated Root Servers; and IBM Joins the Mayflower Autonomous Ship Project.

more »
Command Line: Sudo and Passwords

Sudo provides the building blocks to secure your system exactly the way you want it.

more »
Microsoft Patents Sudo

A further patent by Microsoft brings the software patent discussion to a renewed boil: the software giant has claims on "sudo."

more »
Sudo and PolicyKit

If you give users who are usually supervised more scope to help themselves, they will need additional privileges. The sudo tool and the PolicyKit authorization service can control who does what on Linux.

more »
Honeypots for the Pi

Adding a honeypot to your network will slow down attackers and warn you that intruders are on the wire.

more »

comments powered by Disqus

Issue 39: Getting Started with Linux – /Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99

(incl. VAT)

News

Microsoft Brings procmon to Linux

The creators of Windows have brought the sysinternals procmon tool to the open source operating system.
New KDE Slimbook Available

The makers of the KDE Slimbook have released a Ryzen-4000 powered laptop.
PinePhone Now Offers a Convergence Package

The makers of the Linux PinePhone are now offering a model that makes desktop/mobile convergence a reality.
Flutter is Coming to Linux

Community

Google and Canonical have joined forces to bring Flutter to the Linux desktop.
Purism Launches a Mini PC

Hardware , laptop

The makers of the Librem line of Linux-based laptops have released a mini PC.
openSUSE Leap 15.2 Adds AI Machine Learning

Opensuse

With the new release of openSUSE Leap comes some exciting new features, including machine learning.
Google’s Nearby Sharing Could Work with Linux

Google’s answer to Apple’s AirDrop feature is rumored to work with the Linux desktop.
System76 Launches Ryzen-Powered Laptop

laptop , Linux

The new System76 Serval WS includes a powerful AMD Ryzen CPU.
Linux Mint Drops Snap

Linux Mint has officially dropped their support for Canonical’s snap packages.
Lenovo Upping Their Linux Support

Linux

Lenovo is now offering full certification and Linux preinstalled hardware.

Sudo Vulnerability

Related content

Issue 39: Getting Started with Linux – /Special Editions

Buy this issue as a PDF

News

Tag Cloud