Ten-Year-Old Sudo Bug Giving Root Privileges to Any User Gets a Fix

Share
  • Post Updated: April 3, 2024

Ten year old sudo bug giving root privileges to any user getsA ten-year-old sudo vulnerability that exposed Linux and macOS allowed any user to obtain root privileges has finally been patched with the release of version 1.8.31.

The security flaw resides in the pwfeedback option, which is enabled by default on distros like Linux Mint and elementary OS. Because of the bug, any user can trigger a stack-based buffer overflow even if they aren’t listed in the sudoers file.

The vulnerability exists in versions 1.7.1 to 1.8.25p1, but versions 1.8.26 through 1.8.30 can be abused because they include changes in EOF handling that block such an exploit. Sudo 1.7.1 was released on April 19, 2009, while the first patch version (1.8.26) landed on September 17, 2019, so the bug is about 10 years old.

Patch already available

Version 1.8.31 includes a patch to block the exploit, but if installing this latest release isn’t possible, disabling p… (read more)

Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!

Top Trending Pages: Ubuntu Hosting | Download Ubuntu Software | Share Ubuntu Files With Windows