It was reported earlier this week that a privilege escalation vulnerability exists in all current versions of sudo affecting practically every Linux/Unix install out there. This permits any user with shell access to run commands as root, without the required password. Below are a couple of links for bathroom reading. :)
https://www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-installs-unaffected/
https://threatpost.com/sudo-bug-root-access-linux/149169/
https://usn.ubuntu.com/4154-1/
Hey Scott! Long time no see (or read).
Thanks for the info. Kubuntu had an update before I even read about it, maybe the same day that it appeared in the media. The update came through the Ubuntu channel, of course. I might save the reading material for later as I'm pretty involved in the election and (surprisingly perhaps) I don't want to do anything that actually requires thinking in my free time. :-)
You did remind me to update the PLUG server although there aren't any other users other than me. Still sounds scary enough that I won't be able to sleep without fixing it.
Don't be a stranger - we miss your insights here.
I should have read the first article. The server was unaffected by the vulnerability as it doesn't use any sudo directives.
It seems odd that my desktop would have directives as I didn't add any but look at the sudoers file:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Yikes! Any member of the admin or sudo group can execute ANY command. Seems like overkill. At least nobody else uses my machine (not even remotely).
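Added example, not part of the thread: a small Python audit that parses sudoers text and lists which entries may run every command, run here on lines constructed from the file quoted above. The function names are this example's own, and it assumes a simplified grammar: aliases are not expanded and files under the include directory are only reported, not read.

```python
import re

# Constructed sample: active lines taken from the sudoers file quoted above.
SAMPLE = """\
Defaults env_reset
Defaults mail_badpass
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
"""

SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
INCLUDE = re.compile(r"^#include(?:dir)?\s+(\S+)")
# who  hosts = (runas) commands   -- the (runas) part is optional
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: " before a command

def parse_sudoers(text):
    """Return (rules, includes) for the privilege lines in sudoers text."""
    rules, includes = [], []
    # Join backslash-continued lines before splitting.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        inc = INCLUDE.match(line)
        if inc:  # '#includedir' is a directive even though it starts with '#'
            includes.append(inc.group(1))
            continue
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if m:
            who, hosts, runas, cmds = m.groups()
            rules.append({
                "who": who, "hosts": hosts,
                "runas": runas or "root",  # sudo runs as root when omitted
                "cmds": [TAGS.sub("", c.strip()) for c in cmds.split(",")],
            })
    return rules, includes

def broad_grants(rules):
    """Principals other than root that are allowed to run every command."""
    return [r["who"] for r in rules
            if r["who"] != "root" and "ALL" in r["cmds"]]

if __name__ == "__main__":
    rules, includes = parse_sudoers(SAMPLE)
    for r in rules:
        print(f'{r["who"]:8} as ({r["runas"]}) may run {", ".join(r["cmds"])}')
    print("also check files under:", includes)
    print("can run any command:", broad_grants(rules))
```

Group membership decides who those `%admin` and `%sudo` lines actually cover, so pair the output with `getent group sudo admin` on the machine being audited.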