Patches to make Sudo utility less open to abuse

The patch is for a "potentially serious bug," said Goodin, where unprivileged users can take on root privileges on vulnerable systems.

This is all about Sudo, a "very popular, very simple" sysadmin application, said ZDNet.

Sudo is used in a range of Linux and Unix-based systems, including Apple macOS. Apple released a patch update for macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2, wrote Mohit Kumar in The Hacker News.

Sudo, said Stephen Vaughan Nichols in ZDNet, is easy to abuse. Yet another way of saying it, in ZDNet: "it's so darn useful, until it's not."

Sudo has weight as "one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system," said Kumar. Malcolm Owen in AppleInsider also talked about Sudo in general. It has the potential to cause havoc if misused.

"The vulnerability, tracked as CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in versions 1.7.1 through 1.8.25p1," said Ars Technica. "It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback."

In the vulnerable versions, an attacker could take advantage of a pair of separate flaws in order to gain root privileges. The problem was not just a "Mac thing" but AppleInsider made note that the vulnerability was found by an Apple security employee Joe Vennix.

Decipher: "The risk of exploitation is quite high for systems on which the pwfeedback option is enabled. In order to exploit the bug, an attacker would just need to send a large amount of data to sudo through the password prompt field. The vulnerability results from two separate errors in the sudo code."

"Most distros, though, are unaffected," said The Register, "unless defaults were changed, but do check." The security hole is only active if the pwfeedback option is enabled and a few Linux distributions-seemingly Mint and Elementary OS-do enable the option, said Tim Anderson; he added that pwfeedback was generally disabled by default.

Steven Vaughan-Nichols in ZDNet expanded on that: In CVE-2019-18634, Apple Information Security researcher Joe Vennix discovered that if the "pwfeedback" option was enabled in a sudoers configuration file, "any user, even one who can't run sudo or is listed in the sudoers file, can crack a system."

The bug problem has a relevant history. "The sudo version history shows that the vulnerability was introduced in 2009 and remained active until 2018, with the release of 1.8.26b1," said Ars Technica.

Softpedia's Bogdan Papa also explained what was going on. The "sudo" vulnerability flaw involved the "pwfeedback option, enabled by default on distros like Linux Mint and elementary OS. Because of the bug, any user can trigger a stack-based buffer overflow even if they aren't listed in the sudoers file."

Enter the release of version 1.8.31. The maintainers of Sudo released sudo version 1.8.31 with a patch. This includes a patch to block the exploit, said Papa, "but if installing this latest release isn't possible, disabling pwfeedback is the easiest way to stay secure. Only devices where pwfeedback is enabled are exposed to attacks."

Owen expanded on what AppleInsider readers should do about keeping their machines secure. Those who want to know if their Mac is still affected can check out his article in AppleInsider.

Website search

Recently updated

VIRUSfighter VIRUSfighter An antivirus software that provides protection against various threats, cleans up malicious components and runs discreetly in the background
AVG Internet Security AVG Internet Security Safely browse the Internet, stay protected and prevent data theft attempts and periodically scan your computer for virus threats
AVG Antivirus Free AVG Antivirus Free Top-grade antivirus application with basic protection against all forms of malware, in addition to email, identity and web browsing safety

Software News

Apr 1
What does the design of a building or bridge have in common with an electric circuit or a loudspeaker? Well, if you want it done properly, then you the need ability to solve eigenvalue problems.
Mar 31
A new social music app is pushing the boundaries of music creation by making recording artists out of novices with little to no musical training or traditional talent.
Mar 31
Microsoft is overhauling its Office 365 subscription with a new focus on consumers, changing the name to Microsoft 365 and throwing in tons of new features for Word, Excel, PowerPoint, Outlook and Skype.
Mar 25
My biggest worry so far in "Animal Crossing: New Horizons?" Whether I remembered to water my newly-planted pear trees.
Mar 25
Our world has been shaken by a deadly microscopic virus that has forced us to change the routines of our lives in major ways, routines that may never completely return to normal.
Mar 20
It appears Google is preparing to roll out a new file sharing feature when it unveils Android 11 later this spring.
Mar 18
Virtual reality headsets and application programs for VR are not gaining traction with users because of a chicken-and-egg dilemma, lack of VR content and slow market penetration of custom-made VR units.

About us

Welcome to new crack resource! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.