The break that broke sudo!

The vulnerability in Linux sudo command which would allow an attacker to masquerade as an authorized user was recently-patched however, not all configurations are affected by this bug. Paul Ducklin from Sophos research center has published an interesting account of the break that broke sudo! The bug in sudo is due to a missing break statement in its configuration file which would result in users being authenticated when they shouldn’t be. This would happen for users whose sudo access is regulated by network masks. Sudo’s main purpose is to let you enjoy root-like powers in a controlled way.

Read Paul’s post here – http://nakedsecurity.sophos.com/2012/05/21/anatomy-of-a-security-hole-the-break-that-broke-sudo/

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top