Choose style:

Author Topic: Linux sudo flaw can lead to unauthorized privileges  (Read 330 times)

0 Members and 1 Guest are viewing this topic.

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5523
  • Karma: 970
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Linux sudo flaw can lead to unauthorized privileges
« on: October 16, 2019, 09:49:03 am »
Exploiting a newly discovered sudo flaw in Linux can enable certain users to run commands as root despite restrictions against it.

Article: https://is.gd/4su6uh

See USN: https://usn.ubuntu.com/4154-1/



« Last Edit: October 16, 2019, 10:17:21 am by VinDSL, Reason: Addendum »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26468
  • Karma: 2869
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Linux sudo flaw can lead to unauthorized privileges
« Reply #1 on: October 16, 2019, 02:06:21 pm »
Already patched.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5523
  • Karma: 970
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux sudo flaw can lead to unauthorized privileges
« Reply #2 on: October 16, 2019, 07:09:22 pm »
What ver are you seeing?


Code: [Select]
╭─vindsl@Boogaloo-6 ~ 
╰─$ sudo -V
Sudo version 1.8.27
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27
╭─vindsl@Boogaloo-6 ~
╰─$

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26468
  • Karma: 2869
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Linux sudo flaw can lead to unauthorized privileges
« Reply #3 on: October 16, 2019, 07:34:02 pm »
Code: [Select]
mark@E6540 ~ $ cat /etc/lsb-release
DISTRIB_ID=Peppermint
DISTRIB_RELEASE=10
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Peppermint 10 Ten"
Code: [Select]
mark@E6540 ~ $ sudo -V
Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.21p2
Code: [Select]
mark@E6540 ~ $ dpkg -l | grep sudo
ii  sudo                                                             1.8.21p2-3ubuntu1.1                              amd64        Provide limited super user privileges to specific users
You appear to be showing the version for 19.04 :-\

1.8.21p2-3ubuntu1.1 is the patched version for 18.04
« Last Edit: October 16, 2019, 07:41:08 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 5523
  • Karma: 970
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linux sudo flaw can lead to unauthorized privileges
« Reply #4 on: October 16, 2019, 11:10:42 pm »
Looks like it's working, so I'll leave it be...   ;)

Code: [Select]
╭─vindsl@Boogaloo-6 ~ 
╰─$ grep -r '!\s*root\>' /etc/sudoers /etc/sudoers.d/ | grep -v '^\s*#'
grep: /etc/sudoers: Permission denied
grep: /etc/sudoers.d/README: Permission denied
grep: /etc/sudoers.d/mintupdate: Permission denied
╭─vindsl@Boogaloo-6 ~
╰─$

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26468
  • Karma: 2869
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Linux sudo flaw can lead to unauthorized privileges
« Reply #5 on: October 17, 2019, 05:49:20 pm »
Yeah, you seem to have the 19.04 patched version.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec