Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: Scott on October 16, 2019, 10:42:50 AM

Title: sudo privilege escalation vulnerability - widespread
Post by: Scott on October 16, 2019, 10:42:50 AM
It was reported earlier this week that a privilege escalation vulnerability exists in all current versions of sudo affecting practically every Linux/Unix install out there.  This permits any user with shell access to run commands as root, without the required password.  Below are a couple of links for bathroom reading. :)

https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-installs-unaffected/
https://threatpost.com/sudo-bug-root-access-linux/149169/
https://usn.ubuntu.com/4154-1/

Title: Re: sudo privilege escalation vulnerability - widespread
Post by: Jason on October 16, 2019, 08:37:22 PM
Hey Scott! Long time no see (or read).

Thanks for the info. Kubuntu had an update before I even read about it, maybe the same day that it appeared in the media. The update came through the Ubuntu channel, of course. I might save the reading material for later as I'm pretty involved in the election and (surprisingly perhaps) I don't want to do anything that actually requires thinking in my free time. :-)

You did remind me to update the PLUG server although there aren't any users other than me. Still sounds scary enough that I won't be able to sleep without fixing it.

Don't be a stranger - we miss your insights here.

Title: Re: sudo privilege escalation vulnerability - widespread
Post by: Jason on October 16, 2019, 08:54:40 PM
I should have read the first article. The server was unaffected by the vulnerability as it doesn't use any sudo directives.

It seems odd that my desktop would have directives as I didn't add any but look at the sudoers file:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
Yikes! Any member of the admin or sudo group can execute ANY command. Seems like overkill. At least nobody else uses my machine (not even remotely).
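Jason's reading of his sudoers file, done as a script: an added example (not from the thread or from the sudo project) that parses single-line user-specification rules and flags what a defender would review, namely rules granting ALL commands, NOPASSWD rules, and a Runas list of ALL with an excluded user, the configuration the linked advisories describe as affected by this bug. The sample is Jason's desktop file with one constructed `bob` rule appended; `SKIP`, `parse_rules` and `audit` are names chosen here.

```python
import re

# Constructed sample: Jason's desktop sudoers (comments dropped) plus one
# constructed 'bob' rule of the kind the linked advisories describe as affected.
SAMPLE_SUDOERS = """\
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
bob     ALL=(ALL, !root) NOPASSWD: /usr/bin/vi
#includedir /etc/sudoers.d
"""

# user  host=(runas_users[:runas_groups]) [TAG:]... commands   (single-line rules only)
RULE_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
SKIP = ("#", "Defaults", "User_Alias", "Host_Alias", "Cmnd_Alias", "Runas_Alias")

def parse_rules(text):
    """Return user-specification rules; comments, Defaults and aliases are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, host, runas, rest = m.groups()
        # Runas defaults to root when no (...) list is given
        runas_users = [u.strip() for u in (runas or "root").split(":")[0].split(",")]
        parts = rest.split()
        rules.append({"user": user, "host": host, "runas": runas_users,
                      "tags": [t[:-1] for t in parts if t.endswith(":")],
                      "cmds": " ".join(t for t in parts if not t.endswith(":"))})
    return rules

def audit(text):
    """Return (user, finding) pairs for rules a defender should review."""
    findings = []
    for r in parse_rules(text):
        if r["cmds"] == "ALL":
            findings.append((r["user"], "may run ANY command"))
        if "NOPASSWD" in r["tags"]:
            findings.append((r["user"], "no password required"))
        if "ALL" in r["runas"] and any(u.startswith("!") for u in r["runas"]):
            findings.append((r["user"], "Runas ALL with an excluded user (affected config)"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SUDOERS), sep="\n")
```

On Jason's actual file the only findings are the three "may run ANY command" rules for root, %admin and %sudo; the `bob` line is what the affected configuration looks like, and the fix for it is to install the patched sudo and tighten the Runas list.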