![]() ![]() ![]() What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295." Text The vulnerability, tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security, is more concerning because the sudo utility has been designed to let users use their own login password to execute commands as a different user without requiring their password. Also keep in mind that an attacker also needs to get on the system first as well, which reduces the risk some. There are no reports of active attacks, but I imagine that won't take long to change. If you are one of these, make sure to update Sudo to version 1.8.28. This vulnerability effects those who configure the sudoers file for granular access. However, admins can choose to give certain users access to only specific commands for privilege separation. By default (and for most installs), admins and sudo users can run any command. Reported yesterday, a vulnerability has been found with the SUDO functionality within *nix-based systems for those who use the sudoers file. Starting off today with a big one that's making the rounds and something some of you may have seen. Today's brief covers the vulnerability with Sudo that shouldn't affect too many of you out there, two big ransomware stories that have happened this week, a warning from a fellow Spicehead on phishing, ATM attacks are on the decline, except for a new method, a new cloud breach with an API twist, Microsoft adding more defensive features, spy chips are cheap to use, and a funny! Good morning and welcome to today's brief. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |