Shulou(Shulou.com)06/02 Report--

Exploiting the newly discovered sudo vulnerability in Linux allows some users to run commands as root, although this is limited.

A serious vulnerability has recently been discovered in the sudo command that, if exploited, allows an ordinary user to run the command as root, even though the user is explicitly prohibited from doing so in the / etc/sudoers file.

Updating sudo to version 1.8.28 should resolve this problem, so it is recommended that Linux administrators do so as soon as possible.

How this vulnerability is exploited depends on the specific permissions granted in / etc/sudoers. For example, a rule that allows a user to edit a file as any user except the root user actually allows that user to edit the file as well as the root user. In this case, the vulnerability can cause very serious problems.

For a user to be able to exploit this vulnerability, privileges need to be assigned to the user in / etc/sudoers so that the user can run commands as another user, and the vulnerability is limited to command privileges assigned in this manner.

This issue affects versions prior to 1.8.28. To check your sudo version, use the following command:

$sudo-VSudo version 1.8.27

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.