Linux Sudo Command Bug Enabled Hackers To Gain Root Access

One of the most important commands in Linux contained a rather nasty security flaw that could have let malicious types gain root access to the operating system. The bug, which has since been squashed by developers, was found in the sudo command that is used by developers to carry out tasks and run stuff with elevated privileges. Sudo only enables this if users of the command have the right permissions to do so on a Linux machine or know the root user’s password. But the command appears to have been a little too effective. It could have allowed hackers with enough access to run sudo on a Linux machine to gain root access even if the configuration of Linux they were accessing would not have normally allowed it.

For the vast majority of Linux users, this bug will not affect you as you need to specifically grant a user access to sudo as another user for a particular command. Even then, that command must be able to perform privileged security tasks or to execute other commands.

— BleepingComputer (@BleepinComputer) October 14, 2019

October 16, 2019

Jake Moore

+ Follow Me - UnFollow Me

Cybersecurity Specialist

ESET

Attacks such as this require physical access and the correct privileges on the machine. So these attacks are also preventable in their majority. However, the insider threat is becoming more and more apparent in the workplace and this will threaten businesses who bypass the patch. Insiders with knowledge can be extremely damaging and can create far more problems than external attacks. This highlights the importance of limiting user privileges where possible. An attack can easily happen,.....Read More

Attacks such as this require physical access and the correct privileges on the machine. So these attacks are also preventable in their majority. However, the insider threat is becoming more and more apparent in the workplace and this will threaten businesses who bypass the patch. Insiders with knowledge can be extremely damaging and can create far more problems than external attacks. This highlights the importance of limiting user privileges where possible. An attack can easily happen, conducted by a disgruntled employee or just a bad apple, so this risk must be mitigated where possible. It goes without saying a patch is an absolute must on these versions too.  Read Less

Like(0)  (0)

×

Linkedin Message

@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"Insiders with knowledge can be extremely damaging and can create far more problems than external attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/linux-sudo-command-bug-enabled-hackers-to-gain-root-access

Copy this message and share on your Linkedin profile. Thanks! COPY

×

Facebook Message

@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"Insiders with knowledge can be extremely damaging and can create far more problems than external attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/linux-sudo-command-bug-enabled-hackers-to-gain-root-access

Copy this message and share on your Facebook profile. Thanks! COPY

Please login to comment.

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Submit Your Expert Comments

×

Submit Your Expert Comments

Write Your Expert Comments (0/1000) *

Your Registered Email *

Notification Email (If different from your registered email)

* By using this form you agree with the storage and handling of your data by this web site.

Verification Code (Check your email and enter here to proceed)

SUBMIT

Resend Verification Code

×

Upload Content

Youtube Link  

Image  

---

Youtube Link (Ex: https://www.youtube.com/watch?v=eUxUUarTRW4 )

Add

Uploading the content. Please wait....

Submit

×