Sudo Linux Bug Allows Hackers To Execute Commands As Root User

Share

According to the latest report published by The Debian Project, a Sudo vulnerability exists that allows hackers to gain access to root privileges and execute commands.

The vulnerability exists in the Sudo package (Sudo stands for “superuser do”) which allows users to execute programs and commands with security privileges of a superuser.

Tagged as CVE -2019-18634, the Sudo flaw has affected Debian GNU/Linux 9 “Stretch” operating system series running Sudo versions prior to 1.8.26 vis-à-vis versions 1.7.1 to 1.8.25p1.

Thankfully, the flaw can be exploited only when “pwfeedback” option is enabled in Sudoers by the system administrator. According to the National Vulnerability Database, in CVE-2019-18634 Linux flaw, “if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process.

However, Sudo developer Todd C. Miller says that the flaw can also be triggered even when Sudo permissions are not granted. It requires only pwfeedback to be enabled to exploit the flaw, as per Miller.

pwfeedback option is enabled by default in Linux Mint operating systems and elementary OS. However, it is not the default option for upstream and other packages and has to be explicitly enabled by an administrator.

If your PC is running Debian GNU/Linux 10 “Buster”, you’re not affected by this Sudo flaw owing to a change in EOF handling in Buster operating systems.

In case, you’re running the exploitable version of Sudo, patches are now available for Ubuntu Linux systems, Linux Mint, and elementary OS.

Ensure that you update Sudo packages to versions 1.8.27-1ubunti4.1 if you’re running Ubuntu 19.10, Sudo 1.8.21p2-3ubuntu1 for Ubuntu 18.04 LTS, and for systems running on Ubuntu 16.04 LTS, the latest Sudo version is 1.8.16-0ubuntu1.9.

Published by