 Monday, October 14, 2019 in Security  No Comments |  | Attention Linux Users!
A vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.
The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access.
Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user.
By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system.
The Hacker News | |
|
