Linux sudo command bug could give any user root access

[Hanno Labuschagne]

Linux sudo command bug could give any user root access​

Researchers from Qualys have disclosed a vulnerability in the sudo utility that could be exploited to grant system administrator privileges to any user that is logged into a system.

Dubbed Baron Samedit (CVE-2021-3156), Qualys recommended that users apply patches for the vulnerability immediately.

The developers of sudo were informed about the security flaw on 13 January and the bug was patched on 19 January — a week before it was publicly disclosed.

 

[Binary_Bark]

sudo wipe -q /dev/sdx

 

[Sinbad]

sudo wipe -q /dev/sdx

sudo make me a sammich

 

[ToxicBunny]

sudo make me a sammich

Fek that...

sudo make caw-fee

 

[Binary_Bark]

sudo make me a sammich

sudo apt-get install bacon

 

[Stillie]

ah phew both my pcs are patched

 

[Sinbad]

ah phew both my pcs are patched

Exploit requires local shell access. How many people do you allow to use your pc?

 

[ToxicBunny]

Exploit requires local shell access. How many people do you allow to use your pc?

Clearly his PC is a little whore and lets everyone fondle it.

 

[Rocket-Boy]

Qualys was moaning like a stuffed pig on the vulnerability lists for my servers, but then again it's always moaning about something.

 

[_TrXtR_]

Exploit requires local shell access. How many people do you allow to use your pc?

Which can be gained remotely using other exploits

 

[susefan]

Canonical loves sudo.

 

[Ancalagon]

I thought Linux was more secure than Windows?

*runs*

 

[Swa]

I thought Linux was more secure than Windows?

*runs*

At least Linux doesn't give every user account root access.

 

[rorz0r]

At least Linux doesn't give every user account root access.

It does now

 

[Ancalagon]

At least Linux doesn't give every user account root access.

Since when has Windows done that?

 

[RandomGeek]

 

[Swa]

Since when has Windows done that?

Since forever. Windows has never had proper segregation, whether it's user accounts or memory access. Every account is essentially an admin account.

 

[|tera|]

(Server) SSH = none of this nonsense.
If you are running a Desktop, then it's best to make sure to update your Linux build regularly.

 

[Ancalagon]

Since forever. Windows has never had proper segregation, whether it's user accounts or memory access. Every account is essentially an admin account.

Okay. Please report your important security finding to the world. I'm sure the world would like to know how insecure Windows is. Maybe you'll get a bug bounty for uncovering this very severe defect?

 

[Swa]

Okay. Please report your important security finding to the world. I'm sure the world would like to know how insecure Windows is. Maybe you'll get a bug bounty for uncovering this very severe defect?

It's common knowledge. I didn't say it was a severe defect but it's not a good practice if you want a secure system. Linux even with flaws is more secure because of the underlying architecture. Windows you don't even need a sudo command to do anything from any account because the architectural safeguards to prevent programs escaping their address space is simply not implemented.