Sudo Vulnerability

Oct 15, 2019

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands; it allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in the sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access, as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.
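
One way to audit for the configuration described above, as an added example (not code from the sudo project or its advisory): a Python check that scans sudoers text for Runas specifications in which ALL is followed by a negated root entry. The sample rules, the function name `affected_rules`, and the simplified parsing (no aliases or include files, whole-line comments only) are assumptions.

```python
import re

# Constructed sample sudoers content for illustration (not from a real host).
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
alice  ALL = (ALL, !root) /usr/bin/vi
bob    ALL = (ALL) ALL
carol  ALL = (www-data) /usr/bin/systemctl
dave   db1 = (ALL, \\
              !#0 : ALL) NOPASSWD: /usr/bin/id
"""

NEGATED_ROOT = {"!root", "!#0"}  # root excluded by name or by numeric UID


def affected_rules(sudoers_text):
    """Return (who, runas_users) for rules where ALL precedes a negated root."""
    findings = []
    # sudoers continues a long line with a trailing backslash
    text = re.sub(r"\\\n", " ", sudoers_text)
    for line in text.splitlines():
        line = line.strip()
        # Simplification: skip blank lines, whole-line comments and Defaults
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        who = line.split()[0]
        # A rule may carry several Runas specs of the form (users : groups)
        for spec in re.findall(r"\(([^)]*)\)", line):
            users = [u.strip() for u in spec.split(":")[0].split(",") if u.strip()]
            if "ALL" not in users:
                continue
            first_all = users.index("ALL")
            if any(u.replace(" ", "") in NEGATED_ROOT for u in users[first_all + 1:]):
                findings.append((who, users))
    return findings


if __name__ == "__main__":
    for who, users in affected_rules(SAMPLE_SUDOERS):
        print(f"{who}: Runas ({', '.join(users)}) relies on excluding root; patch sudo")
```

Rules it reports depend on the root exclusion holding, so hosts carrying them are the ones to patch first.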
