Many businesses nowadays require users to access resources remotely. That could mean a remote-access VPN for users in the field, a website hosted on a server within the network, or a remote desktop solution for people working from home. All of these systems are a potential target for attackers. Upgrading your standard issue ISP router will greatly improve your security.Read More
Vendor: VMware Product: LinuxComponent: SudoDate: 26th January 2021Target: IT Managers, SysOps
What's newAny user with login access to a Linux OS can utilise a Buffer Overflow to gain administrative access to the system using Sudo.
How does this affect me?
- If you are running the following version of Sudo then you are affected: -
- All legacy versions from 1.8.2 to 1.8.31p2
- All stable versions from 1.9.0 to 1.9.5p1
What do I need to do?
- As per Qualys's instructions, to test if your system is vulnerable, login as a non-root user and run command: -
sudoedit -s /If the system is vulnerable, it will respond with an error that starts with “sudoedit:”If the system is patched, it will respond with an error that starts with “usage:”
- If you are vulnerable update Sudo or your OS.