Login

Register

Login

Register

Home In Media Gadget News Linux's Most Important Admin Command "SUDO" had an Overwhelming Security Vulnerability

Linux’s Most Important Admin Command “SUDO” had an Overwhelming Security Vulnerability

In computer security, vulnerabilities are weaknesses that can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system’s weakness.

If you’re familiar with Linux’s command line or any Unix-based platform like macOS, you probably already know what the “sudo” command is used for. This worldwide known command lets you run tasks with admin permissions/higher access levels, which you wouldn’t have without using it.

Linux's SUDO Command Flaw

While the command is indeed powerful, recent reports state that maybe it was actually a little bit too powerful. Well, until now that is. Developers have recently confirmed that they finally fixed a major flaw that revolved around the use of the “sudo” command. The command would let malicious users claim root-level access, even if the system’s configuration explicitly forbid it. This means that if an intruder/hacker had just enough access to run the sudo command, the person behind the attack could then perform any action they wanted on a given machine.

The exploit was directly related with sudo’s treatment of user IDs. By typing the command with a user ID of -1 or its unsigned equivalent 4294967295, the system would suddenly see you as if you had root access (user ID 0), regardless of actually recording the actual user ID in its log. And even worst, since the user IDs in question are non-existent in the password database, this basically means that the command wouldn’t require a password to be used.

Linux's SUDO Command Flaw

But in case you’re a Linux user, there’s absolutely no reason to be scared about your system’s safety. As stated before, developers already worked on a fix. As a work-around, all you have to do to prevent the exploit via said flaw is to update your system to a newer sudo package (1.8.28 or later).

While you might not be immediately vulnerable, as any system intruder/malicious user will need access to the command line control over your system before they can even consider exploiting the flaw, it isn’t very comforting to know that such an important command was vulnerable.

Once again, remembered to run the update for the newer sudo package (1.8.28 or later) to prevent the flaw from getting exploited on your system.

David Novakhttps://www.gadgetgram.com
For the last 20 years, David Novak has appeared in newspapers, magazines, radio, and TV around the world, reviewing the latest in consumer technology. His byline has appeared in Popular Science, PC Magazine, USA Today, The Wall Street Journal, Electronic House Magazine, GQ, Men’s Journal, National Geographic, Newsweek, Popular Mechanics, Forbes Technology, Readers Digest, Cosmopolitan Magazine, Glamour Magazine, T3 Technology Magazine, Stuff Magazine, Maxim Magazine, Wired Magazine, Laptop Magazine, Indianapolis Monthly, Indiana Business Journal, Better Homes and Garden, CNET, Engadget, InfoWorld, Information Week, Yahoo Technology and Mobile Magazine. He has also made radio appearances on the The Mark Levin Radio Show, The Laura Ingraham Talk Show, Bob & Tom Show, and the Paul Harvey RadioShow. He’s also made TV appearances on The Today Show and The CBS Morning Show. His nationally syndicated newspaper column called the GadgetGUY, appears in over 100 newspapers around the world each week, where Novak enjoys over 3 million in readership. David is also a contributing writer fro Men’s Journal, GQ, Popular Mechanics, T3 Magazine and Electronic House here in the U.S.

Must Read

Hooke Lav – Wearable Pro-Grade Wireless Bluetooth Microphone (FULL REVIEW)

The Hooke Lav is a wearable pro-grade wireless Bluetooth microphone that can accurately capture pro-grade sound with no wires, no sound dropouts and no hassle. This wearable, dual-channel, and wireless Bluetooth microphone features a total of 8GB of internal storage as well as Bluetooth-connectivity to any Bluetooth-enabled device with the mere click of a button.

The Gift of Tech – The Latest Gizmos and Gadgets

Life is becoming increasingly technological, so you probably want to get the best tech gadgets around. This article discusses the latest gizmos released.

NURVV Run Insoles – Smart Insoles that Track Running Metrics (REVIEW)

The NURVV Run Insoles are Smart Insoles that are worn by runners during each running workout to accurately track their running metrics. With these smart shoe insoles, runners can analyze and better understand all of their running data to effectively improve their running performance. Without a doubt, this is a revolutionary wearable gadget that is guaranteed to help runners to easily and conveniently improve everything there is to improve about their running technique. With all that said, all that there's left to ask is... have you got the NURVV to improve your running technique?

3 Crucial Tips for Buying Electronic Gadgets & Accessories Online

Buying electronic gadgets online can save you quite a bit of money. Here are 3 great tips that'll guide you when shopping for electronic accessories online.

Noshinku Bergamot – Pocket Hand Sanitizer Gel Sprayer

The Noshinku Bergamot is a portable pocket hand sanitizer gel sprayer that contains an organic and safe-to-use hand sanitizer blend made of an oil mix of Bergamot, Jojoba, Argan, Rosehip and Coconut. While this sprayable hand sanitizer gel mix is ultra-effective and capable of killing up to 99.9% of germs that you can potentially come in contact with, its natural oils and botanical ingredients give it a really nice "fruity" aroma that’s super pleasant to smell, have both a Citrus, woody, and herbaceous fragrant smell.

Check Out Gagetguy On Indystyle

Check Out Gagetguy On PetPals TV