IT Professionals:
On October 14, 2019, a new vulnerability [1] was announced that affects Linux systems using sudo. Sudo is a command that allows non-privileged users to execute commands with the security privileges of another user. It can be configured to allow targeted or broad access to applications and commands available on the system, including the ability to create new privileged users.
Impact
Upon successful exploitation, users referenced in the sudoers file can execute any command as root [2]. Exploitation is trivial and documentation is publicly available. It is important to understand that only users listed in the sudoers file are capable of exploiting this flaw.
Platforms Affected
All sudo versions prior to 1.8.28
UISO Recommendations
UISO recommends updating sudo to version 1.8.28 (or newer) to address the sudo flaw.
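To check a host against this recommendation, the following shell script (an added example, not part of the original advisory) compares the version reported by `sudo -V` with 1.8.28, including sudo's `pN` patch-level suffix. The function names and the sample version strings are constructed for illustration. Distribution packages may carry a backported fix under an older upstream version number, so confirm a "needs-update" result against the vendor's security notice.

```shell
#!/bin/sh
# Added example (not from the advisory): flag sudo builds older than 1.8.28.
FIXED_VERSION="1.8.28"   # first fixed release named in the advisory

# "1.8.21p2" -> "1 8 21 2"; prints nothing if the string is not a sudo version.
split_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+)\.([0-9]+)\.([0-9]+)(p([0-9]+))?$/\1 \2 \3 \5/p'
}

# Return 0 if $1 is older than $2, 1 if it is not, 2 if either cannot be parsed.
version_lt() {
    a=$(split_version "$1"); b=$(split_version "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    set -- $a; a1=$1 a2=$2 a3=$3 a4=${4:-0}   # a missing pN counts as p0
    set -- $b; b1=$1 b2=$2 b3=$3 b4=${4:-0}
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "older"
}

# Map the output of `sudo -V` to needs-update / ok / unknown.
classify_sudo() {
    # Only the first line ("Sudo version X") carries the sudo release.
    v=$(printf '%s\n' "$1" | sed -n -E '1s/^Sudo version ([^ ]+).*$/\1/p')
    rc=0; version_lt "$v" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "needs-update" ;;
        1) echo "ok" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample inputs, then the live host if sudo is installed.
for sample in "Sudo version 1.8.27" "Sudo version 1.8.21p2" \
              "Sudo version 1.8.28" "Sudo version 1.9.5p2"; do
    printf '%s -> %s\n' "$sample" "$(classify_sudo "$sample")"
done
if command -v sudo >/dev/null 2>&1; then
    printf 'this host -> %s\n' "$(classify_sudo "$(sudo -V 2>/dev/null)")"
fi
```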
Workarounds
If all users in the sudoers file (typically located in /etc) are vetted to run commands as root, including elevating themselves to the root user, and system activity is being monitored for illicit use of sudo, patching can be delayed.
–IT Community Partnerships on behalf of the University Information Security Office
[1] Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted: https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
[2] Potential bypass of Runas user restrictions: https://www.sudo.ws/alerts/minus_1_uid.html
~~~~~ Today’s IT Pro Tip ~~~~~
Seats are still available for next week’s CompTIA Cybersecurity Analyst+ (CYSA+) EdCert course but don’t delay as registration closes tomorrow! This instructor-led, online course covers the duties of cybersecurity analysts who are responsible for monitoring and detecting security incidents in information systems and networks, and for executing a proper response to such incidents. More information at https://edcert.iu.edu.
Oct 21-25 9am-4pm CySA+ [Cybersecurity Analyst+] (Exam CS0-001) CompTIA $500 Register by Oct 16