• Welcome to Peterborough Linux User Group (Canada) Forum.
 

sudo privilege escalation vulnerability - widespread

Started by Scott, October 16, 2019, 10:42:50 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Scott

It was reported earlier this week that a privilege escalation vulnerability exists in all current versions of sudo affecting practically every linux/unix install out there.  This permits any user with shell access to run commands as root, without the required password.  Below are a couple of links for bathroom reading. :)

https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-installs-unaffected/
https://threatpost.com/sudo-bug-root-access-linux/149169/
https://usn.ubuntu.com/4154-1/

Jason

#1
Hey Scott! Long time no see (or read).

Thanks for the info. Kubuntu had an update before I even read about it, maybe the same day that it appeared in the media. The update came through the Ubuntu channel, of course. I might save the reading material for later as I"m pretty involved in the election and (surprisingly perhaps) I don't want to do anything that actually requires thinking in my free time. :-)

You did remind me to update the PLUG server although there isn't any other users other than me. Still sounds scary enough that I won't be able to sleep without fixing it.

Don't be a stranger - we miss your insights here.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

Jason

#2
I should have read the first article. The server was unaffected by the vulnerability as it doesn't use any sudo directives.

It seems odd that my desktop would have directives as I didn't add any but look at the sudoers file:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d


Yikes! Any member of the admin or sudo group can execute ANY command. Seems like overkill. At least nobody else uses my machine (not even remotely).
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13