The Linux 'sudo' Flaw is the Real Deal

Dec 23, 2019

In October of 2019, a flaw was found in sudo, a core command utility that is an integral part of all Linux distributions. This vulnerability allows Linux users to gain access as a root (admin) user and run commands that would otherwise be restricted to them. With a low level of difficulty for exploitation and a CVSS score of 7.8, this sudo flaw is the real deal.

sudeo

What is sudo?

Ordinarily, sudo is used to allow system administrators to grant access to certain users and give them the ability to run commands as any user without having to go through the process of logging in to a different profile every time. Administrators can also prevent root access to certain users, until now.

The sudo flaw originates from the way sudo handles user IDs. The vulnerability is triggered when the negative user ID, -1 or its unsigned equivalent 4294967295, is used, giving the attacker root access. And since these user IDs don’t exist in the password database, it doesn’t require a password for use. Any attacker who has sudo access is able to exploit this flaw.

How does this flaw affect us?

This means trouble for any CISOs whos organization uses Linux machines. Being able to become a root user with just a couple of clicks means endless opportunities for an attacker. Linux did patch the vulnerability in its latest version, but their distributions still need to roll it out to their users. It is recommended that CISOs go ahead and update manually, so they are not stuck waiting for the update from their distribution.

How can Vicarius help?

With Vicarius’ TOPIA -- an advanced AI-driven platform, CISOs and key security personnel are being alerted about critical patches and vulnerabilities in real time, so that they don't need to go through endless lists of vulnerabilities, but only deal with what matters. Instead of patching everything (which never works), focus on what matters right now.

Written by

Michael Assraf

Recent Posts

  • 1

    Vicarius Offers Free Assistance to Keep Your Remote Workforce Safe

    Michael Assraf March 19, 2020
  • 2

    Vicarius and Ingecom Announce Partnership

    Roi Cohen March 09, 2020
  • 3

    What Exactly Happened with the Exim Vulnerability?

    Lior Lugassy January 11, 2020
  • 4

    Vicarius Raises $5M to Protect Apps & Assets Against Vulnerabilities

    Michael Assraf January 19, 2020
  • 5

    We Are Vicarius

    Yossi Ze'evi December 23, 2019
#Get topia

Don't Wait Until It's Too Late

Take a proactive approach to third-party software vulnerability protection today.