News

Linux distributions patch sudo leak that gives root access

By admin
Spread the love

Researchers at security firm Qualys have discovered a vulnerability in sudo that allows a local attacker on the list of sudoers to gain root privileges on a vulnerable system. Patches are now available.

Qualys describes the vulnerability with attribute CVE-2017-1000367 on the Openwall mailing list. The method works on a system where the SELinux security module is enabled. There, an attacker can overwrite files on the system, including files assigned to root, using a command that does not grant him root privileges. Think of files like /etc/shadow or /etc/sudoers.

Sudo is a component that is intended to grant certain users permissions to run programs with root permissions. This vulnerability allows any user with sudo privileges to elevate their privileges to root. Several distributions have released patches, including Debian, Ubuntu 17.04, 16.10, 16.04 lts and 14.04 lts, ​​and Red Hat. An overview of affected systems is also available. Vulnerable versions of sudo are 1.8.6p7 through 1.8.20. In the various advisories it is recommended to perform an update.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Statcounter: Linux had more than three percent desktop market share for the first…

Exit mobile version