Sudo Vulnerability » Linux Magazine
‘sudo’ is without doubt one of the most helpful Linux/UNIX instructions that enables customers with out root privileges to handle administrative duties. However, a brand new vulnerability was found in sudo bundle that provides customers root privileges.
“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” in accordance to the sudo advisory.
The vulnerability permits customers with sudo privileges to run instructions as root even when the Runas specification explicitly disallows root entry so long as the ALL key phrase is listed first within the Runas specification.
Sudo builders have already launched a patch to repair the vulnerability. Update your techniques now.