Sudo Vulnerability Enables Anyone to Execute Commands as Root

A researcher has found a serious flaw in the sudo program that allows anyone to execute commands as root. The trick is to use one of two user ID numbers that are incorrectly converted to zero. A patch will be ready soon, but most users will need to install the fix manually instead of waiting for the update.

Sudo is a program that lets users execute commands with “superuser” privileges. It is a convenient tool found in almost every Linux distribution, and it lets users do things like install a software package, change system settings and alter other important behavior. To use “sudo,” a user must be in the list of “sudoers” and must also provide their password when attempting to use the command. To access the list of sudoers, the admin/root password must be given.

Finding a way around this mechanism would obviously have dire consequences for the protection of a Linux system, as an unprivileged user might execute commands as root. Joe Vennix, a researcher at Apple Information Security, recently discovered this kind of vulnerability. Assigned the identifier CVE-2019-14287, the bug allows a user to execute commands as another user (even as root) without having a password. According to the report, all the attacker needs to do is state the user ID as “-1” or “4294967295.” This exploits an error in a conversion function that effectively treats -1 and 4294967295 as “0,” and user ID zero always belongs to root.

Red Hat has given this privilege escalation vulnerability a CVSS v3 score of 7.8, so it’s highly critical. However, to carry out this otherwise easy attack, an attacker would need local access. All sudo versions 1.8.28 and older are affected, which includes Ubuntu, Debian, Mint, Fedora, RHEL and CentOS installations, and many more. Users of Arch Linux and derivatives like Manjaro will soon get the sudo update through their repositories.

Everyone else would do best to upgrade sudo manually, as this is a serious risk that should not be left in place for long.
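The conversion problem described above can be shown in isolation. The following is an added example, not sudo's own code: `parse_uid_lenient`, `parse_uid_strict` and `UID_REJECTED` are hypothetical names, user IDs are assumed to be 32 bits wide, and the sample inputs are constructed. It shows why "-1" and "4294967295" are the same ID after conversion, and a parser that refuses both.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UID_REJECTED (-1LL)   /* returned when the input is refused */

/* Lenient parser: accepts a sign and casts the result to a 32-bit ID.
 * "-1" wraps to 4294967295, the same bit pattern as (uid_t)-1, which
 * setresuid(2) reserves to mean "leave this ID unchanged". */
long long parse_uid_lenient(const char *s)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return UID_REJECTED;
    return (long long)(uint32_t)v;
}

/* Strict parser: digits only, in range, and never the reserved value. */
long long parse_uid_strict(const char *s)
{
    char *end;
    if (!isdigit((unsigned char)s[0]))   /* no sign, no whitespace, not empty */
        return UID_REJECTED;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return UID_REJECTED;
    if (v >= UINT32_MAX)                 /* out of range, or the reserved value */
        return UID_REJECTED;
    return (long long)v;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "1000", "0", "-1", "4294967295", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s lenient=%lld strict=%lld\n", samples[i],
               parse_uid_lenient(samples[i]), parse_uid_strict(samples[i]));
    return 0;
}
```

Any code that turns user-supplied text into a user ID should validate it this way before the value reaches a privilege-changing call.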