Linux Today: Linux News On Internet Time.





New Sudo Vulnerability Could Allow Attackers to Obtain Full Root Privileges

Feb 03, 2020, 10:00
(Other stories by Marius Nestor)

A vulnerability (CVE-2019-18634) in the Sudo package, a program that allows users to run programs on a UNIX system with the security privileges of another user, could allow an unprivileged user to obtain full root privileges. The vulnerability affects Sudo versions 1.7.1 through 1.8.25p1, that is, versions prior to 1.8.26, but only if the pwfeedback option was set in the /etc/sudoers file by the system administrator. With that option set, users could trigger a stack-based buffer overflow in the privileged sudo process.
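As an added example (not from the article or the Sudo project), the shell functions below test the two conditions named above: a version from 1.7.1 to 1.8.25p1 and an active pwfeedback Defaults entry. The function names and the sample sudoers fragment are constructed for illustration, and the file check is a simple line match that does not follow include directives or resolve later overrides.

```shell
#!/bin/sh
# Added example (not from the article): check the two conditions it names.

# Turn "1.8.25p1" into a sortable integer; a missing pN patch level counts as 0.
ver_key() {
    printf '%s\n' "$1" |
        awk -F'[.p]' '{ printf "%d\n", (($1 * 100 + $2) * 1000 + $3) * 100 + $4 }'
}

# Succeeds if VERSION lies in the affected range given in the article.
version_affected() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key 1.7.1)" ] && [ "$k" -le "$(ver_key 1.8.25p1)" ]
}

# Succeeds if any given sudoers file has an active Defaults line enabling
# pwfeedback. Comment lines and the negated form (!pwfeedback) do not count.
pwfeedback_set() {
    grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]pwfeedback([[:space:],]|$)' "$@"
}

# Print a verdict for one host: VERSION, then the sudoers files to inspect.
check_host() {
    v=$1; shift
    if ! version_affected "$v"; then
        echo "sudo $v: outside affected range"; return 1
    elif ! pwfeedback_set "$@"; then
        echo "sudo $v: in affected range, pwfeedback not set"; return 1
    fi
    echo "sudo $v: in affected range AND pwfeedback set -> upgrade sudo or remove pwfeedback"
}

# Demo on a constructed sudoers fragment (sample data, not a real system file).
sample=$(mktemp)
printf '%s\n' '# Defaults pwfeedback' 'Defaults env_reset,pwfeedback' > "$sample"
check_host 1.8.21p2 "$sample" || true
check_host 1.8.31 "$sample" || true
rm -f "$sample"
```

On a real host, take the version from the first line of `sudo -V` and pass /etc/sudoers plus any files under /etc/sudoers.d, which normally requires root to read.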
