1. Home
  2. >>
  3. linux
  4. >>
  5. A vulnerability in Sudo allows Linux users to use commands with root access without permission

A vulnerability in Sudo allows Linux users to use commands with root access without permission



A vulnerability in Sudo allows Linux users to use commands with root access without permission


A new vulnerability has been discovered in sudo, one of the most powerful and used utilities in Linux that comes in the form of a command, and that allows us to use commands in the form of superuser, also known as root, on any kernel-based distribution Linux.

The vulnerability in question allows you to bypass the security policies applied to sudo, so that a malicious user or a program with no apparent permissions could access superuser permissions, even if the sudo configuration explicitly prevents root access for a user or group of users.

To exploit this vulnerability, just enter the command “sudo -u#-1 id -u” or “sudo -u#4294967295 id -u”, figures that are recognized by the module as 0, internally associated with the root user with absolute permissions on the system.

  Google users in the UK will lose GPDR protections due to Brexit

This vulnerability affects all versions of sudo prior to 1.8.28, so that it is strongly recommended to update sudo to the latest version to prevent a program or an attacker from taking complete control of the system based on the root user, let us remember, is the most powerful on a Linux system and it is also the reason why we usually talk about “rooted” mobiles to define a terminal on which we have absolute control over your system.