Security News > 2020 > February > Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative privileges on Linux or macOS systems.

Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments.

Check If You're Affected and Apply Patches To determine if your sudoers configuration is affected, you can run "Sudo -l" command on your Linux or macOS terminal to find whether the "Pwfeedback" option is enabled and listed in the "Matching Defaults entries" output.

"While the logic bug is also present in sudo versions 1.8.26 through 1.8.30 it is not exploitable due to a change in EOF handling introduced in sudo 1.8.26," Miller said.

Joe Vennix last year reported a similar impact vulnerability in Sudo that could have been exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/M7ZGsctUY0w/sudo-linux-vulnerability.html