Joe Vennix found another critical vulnerability in Sudo | Cloudhostnews

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Sudo, another critical vulnerability in Sudo. Sudo is used for the core command system which is pre-installed on Unix, Linux based operating system and MasOS. As it is a core command system. So it is one of the very important parts of the operating system.

Joe Vennix is an Apple security member. He founds an important vulnerability in the core command system called Sudo. He found a vulnerability in Sudo.  Under a particular configuration, It allows a low privileged user to operate or execute arbitrary commands with complete root privileges. This privilege escalation vulnerability can be tracked as CVE-2019-18632.

Vulnerability In Sudo, Disable pwfeedback

Joe Vennix said that, If “pwfeedback” option is enabled in the sudoers configuration file, then and then vulnerability can be exploited. This feature provides visual feedback, an asterisk (*), once the user inputs the password in the terminal. But, In the upstream version of Sudo, pwfeedback feature is not enable by default.

In some Linux distribution, it is enabled in default files. By using the “sudo-1” command on terminal, all users can check whether “pwfeedback” is enabled or not. Mainly affected sudo versions are 1.7.1 to 1.8.25p1. But 1.8.30 is not exploitable because of the change in EOF handling introduced in Sudo 1.8.26.

Read more Linux News, Subscribe our newsletter for more updates.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This