One of the most important commands in Linux contained a rather nasty security flaw that could have let malicious types gain root access to the operating system. The bug, which has since been squashed by developers, was found in the sudo command that is used by developers to carry out tasks and run stuff with elevated privileges. Sudo only enables this if users of the command have the right permissions to do so on a Linux machine or know the root user’s password. But the command appears to have been a little too effective. It could have allowed hackers with enough access to run sudo on a Linux machine to gain root access even if the configuration of Linux they were accessing would not have normally allowed it.
For the vast majority of Linux users, this bug will not affect you as you need to specifically grant a user access to sudo as another user for a particular command. Even then, that command must be able to perform privileged security tasks or to execute other commands.
— BleepingComputer (@BleepinComputer) October 14, 2019
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
