Serious 10-year-old flaw in Linux sudo command

A vulnerability in sudo can elevate unprivileged users to root privileges. Worth checking for anyone who works on Linux: Serious 10-year-old flaw in Linux sudo command; a new version patches it | Network World

Had to patch a couple of systems last week.

Btw, on SLES it's a bit different: it doesn't show the usage statement.

without patch (vulnerable system):

~> sudoedit -s /
sudoedit: /: not a regular file

with patch (non-vulnerable system):

~> sudoedit -s /
sudoedit: invalid mode flags from sudo front end: 0x20002
sudoedit: unable to initialize policy plugin
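
For triaging several hosts, the check above can be scripted. This is an added example, not part of the thread: it classifies saved output of `sudoedit -s /` using the two responses quoted above plus the `usage:` response that patched non-SLES systems print. The function names, the one-file-per-host layout (`<host>.txt`) and the sample captures are assumptions made up for the illustration.

```shell
#!/bin/sh
# Classify captured output of `sudoedit -s /` (read from stdin).
# Prints: vulnerable | patched | unknown
classify_sudoedit_output() {
    captured=$(cat)
    case "$captured" in
        # Response quoted in the thread for an unpatched system
        *"sudoedit: /: not a regular file"*)
            echo vulnerable ;;
        # Patched: usage statement, or the SLES variant quoted in the thread
        *"usage:"*|*"invalid mode flags from sudo front end"*)
            echo patched ;;
        # Empty output, sudoedit missing, password prompt, anything else
        *)
            echo unknown ;;
    esac
}

# Walk a directory of per-host captures (<host>.txt, hypothetical layout)
# and print one "host status" line per file.
triage_dir() {
    for capture in "$1"/*.txt; do
        [ -f "$capture" ] || continue
        host=$(basename "$capture" .txt)
        printf '%s %s\n' "$host" "$(classify_sudoedit_output < "$capture")"
    done
}

# Demo on constructed captures (host names and the usage line are made up).
demo_constructed() {
    dir=$(mktemp -d)
    printf 'sudoedit: /: not a regular file\n' > "$dir/hostA.txt"
    printf '%s\n' \
        'sudoedit: invalid mode flags from sudo front end: 0x20002' \
        'sudoedit: unable to initialize policy plugin' > "$dir/hostB.txt"
    printf 'usage: sudoedit [options] file ...\n' > "$dir/hostC.txt"
    printf 'sh: sudoedit: command not found\n' > "$dir/hostD.txt"
    triage_dir "$dir"
    rm -rf "$dir"
}

demo_constructed
```

Hosts reported as `unknown` need a manual look; comparing the installed sudo package version against the distribution's advisory settles those.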