Sudo Vulnerability

Oct 15, 2019

Swapnil Bhartiya

A vulnerability in the sudo package gives sudo users more powers than they deserve.

‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in sudo package that gives users root privileges.

“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

The vulnerability allows users with sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Sudo developers have already released a patch to fix the vulnerability. Update your systems now.

Related content

Decade-Old Sudo Flaw Discovered

A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.

more »
NEWS

In the news: Microsoft Edge Coming to Linux; Open Invention Network Backs Gnome Project Against Patent Troll; Fedora 31 Released; openSUSE OBS Can Now Build Windows WSL Images; Sudo Vulnerability; Hetzner Launches New Ryzen-Based Dedicated Root Servers; and IBM Joins the Mayflower Autonomous Ship Project.

more »
Command Line: Sudo and Passwords

Sudo provides the building blocks to secure your system exactly the way you want it.

more »
Doas

The Sudo privilege management tool is big and complicated, with many advanced options that only an expert would need. Doas is far simpler – which might just make it safer for desktop users.

more »
Microsoft Patents Sudo

A further patent by Microsoft brings the software patent discussion to a renewed boil: the software giant has claims on "sudo."

more »

comments powered by Disqus

Issue 269/2023

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs

News

Kubuntu Focus Announces XE Gen 2 Linux Laptop

Another Kubuntu-based laptop has arrived to be your next ultra-portable powerhouse with a Linux heart.
MNT Seeks Financial Backing for New Seven-Inch Linux Laptop

MNT Pocket Reform is a tiny laptop that is modular, upgradable, recyclable, reusable, and ships with Debian Linux.
Ubuntu Flatpak Remix Adds Flatpak Support Preinstalled

If you're looking for a version of Ubuntu that includes Flatpak support out of the box, there's one clear option.
Gnome 44 Release Candidate Now Available

The Gnome 44 release candidate has officially arrived and adds a few changes into the mix.
Flathub Vying to Become the Standard Linux App Store

If the Flathub team has any say in the matter, their product will become the default tool for installing Linux apps in 2023.
Debian 12 to Ship with KDE Plasma 5.27

The Debian development team has shifted to the latest version of KDE for their testing branch.
Planet Computers Launches ARM-based Linux Desktop PCs

The firm that originally released a line of mobile keyboards has taken a different direction and has developed a new line of out-of-the-box mini Linux desktop computers.
Ubuntu No Longer Shipping with Flatpak

In a move that probably won’t come as a shock to many, Ubuntu and all of its official spins will no longer ship with Flatpak installed.
openSUSE Leap 15.5 Beta Now Available

The final version of the Leap 15 series of openSUSE is available for beta testing and offers only new software versions.
Linux Kernel 6.2 Released with New Hardware Support

Find out what's new in the most recent release from Linus Torvalds and the Linux kernel team.