Sudo Vulnerability » Linux Magazine
‘sudo’ is likely one of the most beneficial Linux/UNIX instructions that permits customers with out root privileges to regulate administrative duties. However, a brand new vulnerability was once found out in sudo package deal that provides customers root privileges.
“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” in accordance to the sudo advisory.
The vulnerability lets in customers with sudo privileges to run instructions as root even supposing the Runas specification explicitly disallows root get admission to so long as the ALL key phrase is indexed first within the Runas specification.
Sudo builders have already launched a patch to mend the vulnerability. Update your techniques now.