Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered - and it had been sitting there for a decade, researchers said.
The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user.
The authors of Sudo have released a patched update, Sudo version 1.9.5p2. "Not all Unix-like systems use the same implementation of Sudo, but this vulnerability is in the implementation distributed from https://www.sudo.ws/sudo.html and is a widely used implementation," David A. Wheeler from the Linux Foundation told Threatpost.
Sudo authors explained in a Tuesday advisory that when Sudo is running in shell mode, "It escapes special characters in the command's arguments with a backslash." Then, a policy plug-in removes any escape characters before deciding on the Sudo user's permissions.
It's not a single bug that exposed these systems; it's the combination of two bugs working in tandem in Sudo that makes exploitation possible, the authors explained.
"A bug in the code that removes the escape characters will read beyond the last character of a string if it ends with an unescaped backslash character," the Sudo authors explained.
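The following is an added example, not code from the Sudo source or the advisory: a simplified C model of the unescape step described above, showing how to recognize the trailing-backslash condition and how a bounds-aware loop avoids stepping past the string's terminator. The function names and sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 when s ends with an unescaped backslash: an odd-length run of
 * trailing backslashes. This is the input shape the advisory describes. */
int ends_with_unescaped_backslash(const char *s) {
    size_t n = strlen(s), run = 0;
    while (run < n && s[n - 1 - run] == '\\')
        run++;
    return (int)(run & 1);
}

/* Removes one level of backslash escaping from src into dst.
 * A loop that skips every backslash unconditionally would land on the NUL
 * after a trailing backslash, copy it, and keep reading past the string.
 * Here a backslash is only skipped when a real character follows it, and
 * every write is checked against dstsize.
 * Returns bytes written (without the NUL), or (size_t)-1 if dst is too small. */
size_t unescape_bounded(const char *src, char *dst, size_t dstsize) {
    size_t out = 0;
    if (dstsize == 0)
        return (size_t)-1;
    while (*src != '\0') {
        if (src[0] == '\\' && src[1] != '\0')
            src++;                      /* drop the escape character */
        if (out + 1 >= dstsize)
            return (size_t)-1;          /* keep room for the terminator */
        dst[out++] = *src++;
    }
    dst[out] = '\0';
    return out;
}

int main(void) {
    /* Constructed sample arguments, not taken from any real command line. */
    const char *samples[] = { "a\\ b", "abc\\\\", "abc\\" };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = unescape_bounded(samples[i], buf, sizeof buf);
        printf("%-8s trailing=%d out=%s (%zu bytes)\n", samples[i],
               ends_with_unescaped_backslash(samples[i]), buf, n);
    }
    return 0;
}
```

In this model a lone trailing backslash is kept as a literal character instead of being treated as an escape, so the read pointer always stops at the terminator.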