Security News

A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host. "This vulnerability is perhaps the most significant sudo vulnerability in recent memory and has been hiding in plain sight for nearly 10 years," said Mehul Revankar, Vice President Product Management and Engineering, Qualys, VMDR, and noted that there are likely to be millions of assets susceptible to it.

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system. Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems.

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.

Among its findings, the report states that while 74 percent of customers are scanning before deployment, still 58 percent of containers are running as root. There are some containers that should run as root-security and system daemons for example-but this is a small portion of total containers.

A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. Earlier this month, BornCity reported that the 'Microsoft Root Authority' certificate in Microsoft's Trusted Root Certification Authorities was expiring at the end of the month, on 12/31/20.

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

A vulnerability in GNOME Display Manager could allow a standard user to create accounts with increased privileges, giving a local attacker a path to run code with administrator permissions. The process involves running a few simple commands in the terminal and modifying general system settings that do not require increased rights.

The U.S. Cybersecurity and Infrastructure Security Agency has been named a Top-Level Root CVE Numbering Authority and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems and medical devices. A Top-Level Root CNA can not only assign CVEs, but it's also tasked with managing CNAs in a specific domain or community.

Some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit just guesses the kernel's layout and is wrong, it will trigger a crash, and this can be detected and acted on by an administrator. "Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects," the paper stated.

Expiring root certificates will cause devices like smart TVs and refrigerators to fail in the next few years, security researcher Scott Helme has warned. In order to validate the certificate the client must have a trusted root certificate from the issuing authority, and this, says Helme, is a problem for devices that never get updated.