WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Linux sudo flaw (CVE-2019-14287)  (Read 2191 times)

Offline Rudock1

  • Jr. Member
  • **
  • Posts: 62
Linux sudo flaw (CVE-2019-14287)
« on: October 16, 2019, 11:13:01 AM »
Hi all,

Just thought I'd share a recent article about sudo.  I realize our TC approaches root, su and sudo differently than most other distributions, but I'd appreciate hearing from our resident experts with any opinions, concerns or suggestions.

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

thx
Billy

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11049
Re: Linux sudo flaw (CVE-2019-14287)
« Reply #1 on: October 16, 2019, 01:14:14 PM »
That vulnerability lets you become root with sudo, if the config is set such that you can become another non-root user but not root. Our config, like that of most distros, lets you become root only; further, there is no password for it by default, so this vuln doesn't really concern TC.
The only barriers that can stop you are the ones you create yourself.

Offline vinceASPECT

  • Hero Member
  • *****
  • Posts: 809
Re: Linux sudo flaw (CVE-2019-14287)
« Reply #2 on: October 17, 2019, 05:09:49 PM »
Yes ........forum,


There are vulnerability's abound.   That is how all the worlds handhelds are vulnerable. Billions of devices. Due to CPU vulnerability's.

The same is true of Msoft.  The free Hirens Boot  CD ....allows (with simple usage)  a novice user to access any windows networked machines.  Simply bypassing all manners of security logins at ***any*** level.

Just put my 2 cents.......   sudo Gone to SPECSAVERS........(  jokin)

Vince.