Source | Text Version

QSN-4154-1: sudo vulnerability

October 14, 2019

Summary

Sudo could be made to run commands as root if it called with a specially crafted user ID.

Details

Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.

References

https://usn.ubuntu.com/4154-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l sudo

If the current version you have is before 1.8.16-0ubuntu1.8, run the following:

$ sudo apt-get update
$ sudo apt-get install sudo

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l sudo-ldap

If the current version you have is before 1.8.16-0ubuntu1.8, run the following:

$ sudo apt-get update
$ sudo apt-get install sudo-ldap

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.