Sudo is updated again, this time to prevent hackers from executing commands as root

Vulnerability in sudo

A few hours ago, Canonical published a security report about a vulnerability in the sudo command. At first I did not pay much attention to it because it was labeled low priority, but in the end I decided to write this article because sudo is one of the most used commands in Linux-based distributions. Additionally, the security flaw could allow hackers to gain root access and execute commands.

At least two teams or projects have reported this vulnerability. One is the Debian Project, the first to publish information last Saturday, mentioning that the affected system is Debian 9 "Stretch". Canonical, for its part, has published report USN-4263-1, which describes a single vulnerability that affects all versions of Ubuntu still within their normal support period: Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS.

Minor Sudo update for security

Both the Debian Project and Canonical describe the same security flaw, CVE-2019-18634, whose description reads "buffer overflow in sudo when pwfeedback is enabled". It has been labeled low priority because the bug is not easy to exploit: "pwfeedback" has to be enabled in sudoers by the system administrator. As the National Vulnerability Database reports, "If pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process".
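One way to audit sudoers text for the precondition described above, as an added example that is not from the original article or from the sudo project. The function name `pwfeedback_state` and the sample input are constructed for illustration; Defaults lines scoped to a user, host, runas or command list are conservatively counted as enabling the option, and files pulled in by include directives are not followed.

```shell
#!/bin/sh
# Added example: decide whether sudoers text read on stdin turns pwfeedback on.
# pwfeedback_state is a hypothetical helper name, not part of sudo.
pwfeedback_state() {
    awk '
        # Join lines that end in a backslash (sudoers line continuation).
        /\\$/ { buf = buf substr($0, 1, length($0) - 1); next }
        {
            line = buf $0; buf = ""
            # Skip comments and include directives.
            if (line ~ /^[ \t]*#/) next
            # Only Defaults entries can set pwfeedback; they may carry a scope
            # such as Defaults:user, Defaults@host, Defaults>runas, Defaults!cmnd.
            if (!match(line, /^[ \t]*Defaults([@:!>][^ \t]+)?[ \t]+/)) next
            scoped = (substr(line, 1, RLENGTH) ~ /Defaults[@:!>]/)
            n = split(substr(line, RLENGTH + 1), opts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])
                if (opts[i] == "pwfeedback") {
                    # A scoped entry enables it for someone: count it as on.
                    if (scoped)
                        any_scoped = 1
                    else
                        global = 1
                } else if (opts[i] == "!pwfeedback" && !scoped) {
                    # A later global negation overrides an earlier global enable.
                    global = 0
                }
            }
        }
        END { print ((global || any_scoped) ? "enabled" : "disabled") }
    '
}

# Constructed sample input, not taken from a real system.
sample='# Defaults pwfeedback
Defaults env_reset
Defaults mail_badpass,pwfeedback'
printf '%s\n' "$sample" | pwfeedback_state
```

On a live system, `sudo -l` lists pwfeedback among the matching Defaults entries when it is active, and a `Defaults !pwfeedback` line in sudoers turns it off.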

As usual, Canonical published the security report once it had released the patches that fix the bug, so updating sudo and protecting ourselves is as simple as opening the Software Center (or Software Update) and installing the new packages that will already be waiting for us. According to Canonical, it will not be necessary to restart the operating system for the changes to take effect.



  1.   Fernando said

    The usual, keep our Ubuntu updated and problem solved.

  2.   Alejandro Scan Caceres said

    I love Linux mega I am from Lima Peru and I love my Ubuntu system and the games are very cheberes And the good thing is that Linux is for people who know about systems or are on that path because the installation of something mega excites me Very like this Linux with Ubuntu program very Like bros!