Patches to make Sudo utility less open to abuse

The patch is for a "potentially serious bug," said Goodin, where unprivileged users can take on root privileges on vulnerable systems.

This is all about Sudo, a "very popular, very simple" sysadmin application, said ZDNet.

Sudo is used in a range of Linux and Unix-based systems, including Apple macOS. Apple released a patch update for macOS High Sierra 10.13.6, macOS Mojave 10.14.6 and macOS Catalina 10.15.2, wrote Mohit Kumar in The Hacker News.

Sudo, said Steven Vaughan-Nichols in ZDNet, is easy to abuse. Or, as ZDNet also put it: "it's so darn useful, until it's not."

Sudo has weight as "one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system," said Kumar. Malcolm Owen in AppleInsider also talked about Sudo in general. It has the potential to cause havoc if misused.

"The vulnerability, tracked as CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in versions 1.7.1 through 1.8.25p1," said Ars Technica. "It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback."

In the vulnerable versions, an attacker could take advantage of a pair of separate flaws to gain root privileges. The problem was not just a "Mac thing," but AppleInsider noted that the vulnerability was found by Apple security employee Joe Vennix.

Decipher: "The risk of exploitation is quite high for systems on which the pwfeedback option is enabled. In order to exploit the bug, an attacker would just need to send a large amount of data to sudo through the password prompt field. The vulnerability results from two separate errors in the sudo code."

"Most distros, though, are unaffected," said The Register, "unless defaults were changed, but do check." The security hole is only active if the pwfeedback option is enabled, and a few Linux distributions, seemingly Mint and Elementary OS, do enable the option, said Tim Anderson; he added that pwfeedback was generally disabled by default.

Steven Vaughan-Nichols in ZDNet expanded on that: In CVE-2019-18634, Apple Information Security researcher Joe Vennix discovered that if the "pwfeedback" option was enabled in a sudoers configuration file, "any user, even one who can't run sudo or is listed in the sudoers file, can crack a system."

The bug has a relevant history. "The sudo version history shows that the vulnerability was introduced in 2009 and remained active until 2018, with the release of 1.8.26b1," said Ars Technica.

Softpedia's Bogdan Popa also explained what was going on. The sudo flaw involved the "pwfeedback option, enabled by default on distros like Linux Mint and elementary OS. Because of the bug, any user can trigger a stack-based buffer overflow even if they aren't listed in the sudoers file."

Enter version 1.8.31, released by the Sudo maintainers. It includes a patch to block the exploit, said Popa, "but if installing this latest release isn't possible, disabling pwfeedback is the easiest way to stay secure. Only devices where pwfeedback is enabled are exposed to attacks."
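
The two conditions quoted above (an affected version and pwfeedback enabled) can be checked mechanically. The script below is an added example, not code from the Sudo project or any of the cited articles; the function names are hypothetical, the sudoers parsing is simplified (no include files or line continuations), and the sample input is constructed.

```sh
#!/bin/sh
# Added example: exposure check for CVE-2019-18634 built from the article's two
# conditions (sudo 1.7.1 through 1.8.25p1, and pwfeedback enabled in sudoers).

# version_affected STRING: exit 0 if the first x.y.z in STRING is in range,
# 1 if not, 2 if no version was found. Suffixes such as p1 or b1 are ignored,
# so every 1.8.25 build counts as affected and 1.8.26b1 does not.
version_affected() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 2
    set -- $v
    n=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    [ "$n" -ge 1007001 ] && [ "$n" -le 1008025 ]
}

# pwfeedback_enabled: reads sudoers text on stdin, exit 0 if pwfeedback is on.
# Conservative: an enable in any scope (Defaults, Defaults:user, ...) counts,
# and only a later unscoped "Defaults !pwfeedback" turns it back off.
pwfeedback_enabled() {
    awk '
        $1 ~ /^Defaults/ {
            scoped = ($1 != "Defaults")
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)      # drop the Defaults token
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "pwfeedback") state = 1
                else if (o == "!pwfeedback" && !scoped) state = 0
            }
        }
        END { exit (state ? 0 : 1) }'
}

# exposure VERSION < sudoers-text: prints exposed, not-exposed or unknown.
exposure() {
    if pwfeedback_enabled; then fb=yes; else fb=no; fi
    rc=0; version_affected "$1" || rc=$?
    case "$rc:$fb" in
        2:*)   echo unknown ;;
        0:yes) echo exposed ;;
        *)     echo not-exposed ;;
    esac
}

# Constructed sample input (not from a real host).
printf 'Defaults env_reset\nDefaults mail_badpass, pwfeedback\n' | exposure "1.8.21p2"
```

On a real host, feed `exposure` the first line of `sudo -V` as its argument and the contents of the sudoers files (readable by root) on stdin; adding `Defaults !pwfeedback` to sudoers is the disable step the article refers to.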

Owen expanded on what AppleInsider readers should do about keeping their machines secure. Those who want to know if their Mac is still affected can check out his article in AppleInsider.
