Linux Sudo Command Has A Security Flaw; How To Fix?

One of the most popular and commonly used Linux commands i.e. the Sudo command has a security flaw. The flaw allows the Linus users to run commands as root even when the permission to do has not been granted. Joe Vennix of Apple Information Security was the one who discovered this vulnerability.

More About the Sudo Command Flaw

It has been found that when a Linux user allows for the Sudo system command to run tasks, the command runs those tasks as root even when the permission to do so is denied.

For your knowledge, the popular Linux Sudo command or SuperUser do is an important command that provides users with administrative privileges. The administrative privileges allow the users to execute system tasks that the users might not able to perform without the required permission.

The Sudo command can be primarily used to run tasks as root but with the required permission of course. A special UID is allotted to every user when the permission is granted and the user’s sudoer entry has the keyword “All” in the Runus application. Furthermore, the Sudo command allows the users to tun tasks as another user.

The main issue is that the flaw is able to access the UID of another user as either “-1” or “4294967295” in the Sudo command. It provides malign Linux users unauthorized access to run the commands as root.

As the flaw allows for access to run the commands, it treats the UID of the user as 0 when in reality-1 is entered. In addition to this, PAM session modules won’t be able o run because the Sudo command (with-1) is not registered in the password database.

How To Fix The Sudo Command Flaw

The Sudo command has been patched in the Sudo update version 1.8.28. So, the Linux users are required to update to latest Sudo version to get rid of the vulnerability.

However, it is to be noted that the Sudo command flaw works only when the user is given access to any command through the sudoer configuration file. As a result, most of the Linux servers have not been affected by this flaw.

Leave a Reply

Your email address will not be published. Required fields are marked *