Red Hat, Debian and other Linux distributions yesterday pushed out patches for a high-severity vulnerability in sudo that could be abused by a local attacker to gain root privileges.

Sudo is a program for Linux and UNIX systems that allows standard users to run specific commands as a superuser, such as adding users or performing system updates. In this case, researchers at Qualys found a vulnerability in sudo’s get_process_ttyname function that allows a local attacker with sudo privileges to run commands as root or elevate privileges to root.

An alert on the sudo project website says SELinux must be enabled and sudo built with SELinux support for the vulnerability to be triggered.

“On Linux systems, sudo parses the /proc//stat file to determine the device number of the process’s tty (field 7). Sudo 1.8.6p7 through 1.8.20 are affected.
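To act on the affected range and the SELinux condition reported above, the sketch below sorts hosts by the first line of `sudo -V`. It is an added example, not code from the sudo project or Qualys; the hostnames, the inventory shape and the `triage` helper are assumptions, and an in-range upstream version only marks a host for review, because distribution packages can carry a fix without changing that version.

```python
import re

# Affected upstream range as stated in the article (inclusive on both ends).
AFFECTED_MIN = "1.8.6p7"
AFFECTED_MAX = "1.8.20"

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from e.g. 'Sudo version 1.8.19p2'.
    A missing 'pN' suffix counts as patch level 0."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def in_affected_range(text):
    # Numeric tuple comparison; plain string comparison would sort
    # '1.8.10' before '1.8.6' and misclassify hosts.
    low, high = parse_sudo_version(AFFECTED_MIN), parse_sudo_version(AFFECTED_MAX)
    return low <= parse_sudo_version(text) <= high


def triage(inventory):
    """inventory maps host -> (first line of `sudo -V`, SELinux enabled?).
    Hypothetical helper: buckets hosts for follow-up against vendor advisories."""
    result = {"review": [], "selinux_off": [], "out_of_range": [], "unparsed": []}
    for host, (line, selinux_enabled) in sorted(inventory.items()):
        try:
            affected = in_affected_range(line)
        except ValueError:
            result["unparsed"].append(host)
            continue
        if not affected:
            result["out_of_range"].append(host)
        else:
            result["review" if selinux_enabled else "selinux_off"].append(host)
    return result


# Constructed sample inventory; hostnames and values are made up.
SAMPLE = {
    "web01": ("Sudo version 1.8.19p2", True),
    "web02": ("Sudo version 1.8.20p1", True),
    "db01": ("Sudo version 1.8.6p3", True),
    "db02": ("Sudo version 1.8.10p3", False),
    "old01": ("sudo: command not found", False),
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The SELinux flag here reflects only whether SELinux is enabled on the host; whether sudo itself was built with SELinux support still has to be confirmed per package.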