The Debian Project and Canonical were quick to patch a critical security vulnerability that affected the sudo program, which lets users run programs with the security privileges of another user, urging users to update their systems immediately.
Discovered by Joe Vennix, the security vulnerability (CVE-2019-14287) could be exploited by an attacker to execute arbitrary commands as the root user (system administrator) because sudo incorrectly handled certain user IDs when it was configured to allow users to run commands as an arbitrary user through the ALL keyword in a Runas specification.
“Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID- -1 or 4294967295,” r… (read more)
Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!
Top Trending Pages: Ubuntu Hosting | Download Ubuntu Software | Share Ubuntu Files With Windows
