Researchers uncover a 10-year-old vulnerability in Linux
Feb. 9, 2021, 12:46 p.m. in CyberSecurity
Security researchers at Qualys, the cloud security firm, have uncovered a 10-year-old vulnerability in Sudo, a utility included in almost all Linux and Unix-based operating systems. The vulnerability allows any unprivileged user to gain root privileges on a vulnerable host that uses a default Sudo configuration.
Sudo is a utility that allows users to run programs with the security privileges of another user. The vulnerability in Sudo was first introduced in July 2011 and affected all versions from 1.8.2 to 1.8.31p2, and the default configuration of all stable versions from 1.9.0 to 1.9.5p1.
Qualys security researchers were able to identify the vulnerability and develop various ways to exploit it to gain full root privileges on Ubuntu 20.04, Debian 10, and Fedora 33. Other operating systems are likely exploitable as well.
A bug in the Sudo code, related to the sudoedit command, lets a command-line argument that ends with a single backslash character bypass the handling of escape characters and overflow a heap-based buffer.
According to Qualys, Sudo v1.9.5p2, a new version of Sudo, has been created to patch the problem.
Two Sudo security flaws, CVE-2019-14287 and CVE-2019-18634, have been discovered in the past two years. However, the recently disclosed vulnerability is considered the most damaging.
As per the Qualys report, the buffer overflow vulnerability allows the attacker to control the size of the buffer and control the contents of the overflow itself. The vulnerability may enable a malicious user to execute custom code on the host with root privileges. It is also possible for the attacker to write null bytes to the overflowed buffer.
According to Qualys, to test whether a system is vulnerable, log in to the system as a non-root user and run the command “sudoedit -s /”. If the system responds with an error that starts with “sudoedit:”, it is vulnerable. If it has been patched, it responds with an error that starts with “usage:”.
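The version ranges and the “sudoedit -s /” response described above can be combined into a small triage helper. This is an added example, not code from Qualys or the Sudo project; the function names and result labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage helper built on the article's two signals.
# Function names and result labels are hypothetical.

# Map an upstream version such as "1.8.31p2" to a sortable integer.
# Fails unless the string is major.minor.patch with an optional pN suffix.
version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            print $1 * 1000000 + $2 * 10000 + $3 * 100 + $4; ok = 1
        }
        END { exit !ok }'
}

# Status 0 if the version lies in the ranges the article lists:
# 1.8.2 through 1.8.31p2, or 1.9.0 through 1.9.5p1.
version_in_affected_range() {
    key=$(version_key "$1") || return 2
    { [ "$key" -ge 1080200 ] && [ "$key" -le 1083102 ]; } ||
    { [ "$key" -ge 1090000 ] && [ "$key" -le 1090501 ]; }
}

# Classify the first line printed by `sudoedit -s /` (run as non-root).
classify_sudoedit_output() {
    case "$1" in
        sudoedit:*) echo vulnerable ;;
        usage:*)    echo patched ;;
        *)          echo unknown ;;
    esac
}

# Combine both. $1 = upstream version, $2 = first line of sudoedit output.
# Behaviour wins over the version number, since a distribution package may
# carry a backported fix under an older upstream version (assumption to
# confirm against the vendor advisory).
assess() {
    verdict=$(classify_sudoedit_output "$2")
    if [ "$verdict" != unknown ]; then
        echo "$verdict"
    elif version_in_affected_range "$1"; then
        echo version-in-affected-range
    else
        echo no-signal
    fi
}

# Usage on a host:
#   assess "$(sudo -V | sed -n '1s/^Sudo version //p')" \
#          "$(sudoedit -s / 2>&1 | head -n 1)"
```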
Advisories about the patched release, Sudo v1.9.5p2, have been posted for many Linux distros, including Fedora, Debian, Ubuntu, Gentoo, and SUSE, according to Qualys.