#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Linux Sudo | Breaking Cybersecurity News | The Hacker News

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Feb 03, 2020
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments. Sudo Vulnerability (CVE-2019-18634) The newly discovered privilege escalation vulnerability, tracked as CVE-2019-18634 , in question stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26. According to Vennix, the flaw can only be exploited when the " pwfeedback " option is enabled in the sudoers configuration file, a feature that provides visua
Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Oct 14, 2019
Attention Linux Users! A new vulnerability has been discovered in Sudo —one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user. By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system. However, since privilege separ
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Cybersecurity Resources