Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
Attention Linux Users!
A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.
The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access.
Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user.
By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system.
Reference Link : https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html?fbclid=IwAR1V9EZDp75uQdBgcQxV4t4C0THHguOtNkIk7o1PfapQPJEt9FaZmFK58Mg