Quickly and by way of introduction, I will tell you that sudo is a tool that allows you to execute commands as if you were another user. Usually the other user is the root user. That is to say with our regular user, we can execute commands as if we were root user.

This situation brings many advantages when facilitating usability in a home system, but is not widely used in business.

The detail is that a vulnerability has been discovered that grants permissions of root user to whom it should not.

Specifically we refer to a vulnerability identified with the number CVE-2019-14287 and has already been documented by Canonical under the number USN-4154-1.

In which Ubuntu versions is there a vulnerability in sudo?

For now, the vulnerability in sudo affects the following versions of Ubuntu:

• Ubuntu 19.04
• Ubuntu 18.04 LTS
• Also, Ubuntu 16.04 LTS
• Ubuntu 14.04 ESM
• Ubuntu 12.04 ESM

This at server level as well as desktop operating system level. Therefore, as Ubuntu is one of the most popular distributions, it is easy to deduce that many people are affected by the vulnerability.

On the other hand, also versions 17.x, 18.x and 19.x of Linux Mint has been affected. This is because Linux Mint uses Ubuntu’s base packages for the system.

What was the problem?

The /etc/sudoers file is where you find the configuration of which users may or may not use the sudo command.

However, the security breach discovered allowed any user to use commands as root. This was accomplished by modifying the file to circumvent the ban. That is, even when it was defined that a user could not execute sudo, modifying the sudoers file and setting user ID -1, this policy is circumvented.

On the other hand, it is worth mentioning that sudo is not enabled on many servers and there the consequences are less serious.

How can I solve the problem?

Fortunately, the vulnerability has been discovered and patched. Therefore, at this point it should already be available as an update through your preferred package manager.

For example, in the case of Ubuntu and Linux Mint is already available.

And so on the rest of the Linux distributions. Just upgrade. In case you do not have the new update, wait a little longer and it will surely be available.

Sudo has been compromised but there is already a solution. Upgrade now!

Also, you can learn how to enable on Debian and CentOS.

The post Discovered vulnerability in sudo. Upgrade your system now! appeared first on Linux Windows and android Tutorials.