Sudo Has a High-Severity Vulnerability that Low-Privilege Attackers Might Exploit to Get Root Access
1 min read
Jan 23, 2023
Sudo is one of the most essential, powerful, and often used tools that comes as a core command pre-installed on macOS and practically every other UNIX or Linux-based operating system. It is also one of the programs that comes pre-installed as a core command.
A system administrator has the ability to delegate authority to certain users or groups of users through the use of the sudo (su “do”) command, which provides an audit trail of the commands that were executed and the arguments that were passed to those commands. This allows the administrator to give certain users or groups of users the ability to run some or all commands as root or another user.
A new sudo vulnerability was found. It was on sudoedit (sudo -e) flaw. With it, attackers can edit arbitrary files, and therefore machines were at the risk of the pwned and having information steeled.
Researchers Matthieu Barjole and Victor Cutillas of Synacktiv uncovered the weakness, which was given the identifier CVE-2023-22809, in the sudoedit function for Linux. This vulnerability might enable a malicious user with sudoedit access to edit arbitrary files on a system running Linux.
Related Articles
1 - 0 min read
RunC Container Escape Flaws Grant Attackers Host Access
1 - 0 min read
Critical Glibc Flaws Put Major Linux Distros at Risk
1 - 0 min read
Hackers' Backdoor: Warning of New Linux Kernel Vulnerability
