The Linux "sudo" Flaw is the Real Deal

In October of 2019, a flaw was found in sudo, a core command utility that is an integral part of all Linux distributions. This vulnerability allows Linux users to gain access as a root (admin) user and run commands that would otherwise be restricted to them. With a low level of difficulty for exploitation and a CVSS score of 7.8, this sudo flaw is the real deal.

alt

What is sudo?

Ordinarily, sudo is used to allow system administrators to grant access to certain users and give them the ability to run commands as any user without having to go through the process of logging in to a different profile every time. Administrators can also prevent root access to certain users, until now.

The sudo flaw originates from the way sudo handles user IDs. The vulnerability is triggered when the negative user ID, -1 or its unsigned equivalent 4294967295, is used, giving the attacker root access. And since these user IDs don’t exist in the password database, it doesn’t require a password for use. Any attacker who has sudo access is able to exploit this flaw.

How does this flaw affect us?

This means trouble for any CISOs whos organization uses Linux machines. Being able to become a root user with just a couple of clicks means endless opportunities for an attacker. Linux did patch the vulnerability in its latest version, but their distributions still need to roll it out to their users. It is recommended that CISOs go ahead and update manually, so they are not stuck waiting for the update from their distribution.

How can Vicarius help?

With Vicarius’ TOPIA -- an advanced AI-driven platform, CISOs and key security personnel are being alerted about critical patches and vulnerabilities in real time, so that they don't need to go through endless lists of vulnerabilities, but only deal with what matters. Instead of patching everything (which never works), focus on what matters right now.