Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root

Posted in: Resources » Blog, Cyber Heads-up

OVERVIEW

Yesterday (October 14, 2019), a vulnerability was disclosed in the Linux Sudo command (CVE-2019-14287) that permits any user to execute commands as root (the Linux superuser).

A very good full analysis of the flaw and how to exploit it is located at https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html.

Assura’s Take

This is an easy one: update Linux systems so that it uses at least Sudo version 1.8.28.

If you’re an Assura Managed SIEM customer, our SOC is monitoring for exploitation of this vulnerability. If you have any questions about this, do not hesitate to reach out to your Virtual ISO or Assura point-of-contact. Alternatively, feel free to write us at cyber-heads-up ~#at~# assurainc.com.