Patches available for Linux Sudo vulnerability
Red Hat, Debian and other Linux distributions released patches yesterday for a high-severity vulnerability in sudo that could be abused by a local attacker to gain root privileges. Sudo is a program for Linux and UNIX systems that allows standard users to run specific commands as a superuser, such as adding users or performing system updates.
Researchers at Qualys found the vulnerability in sudo’s get_process_ttyname function that allows a local attacker with sudo privileges to run commands as root or elevate privileges to root.
“On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process’s tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include white space (including newline), which sudo does not account for,” the sudo advisory said. “A user with sudo privileges can cause sudo to use a device number of the user’s choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number.”
Red Hat's security team released a statement saying that, if left unresolved, the issue would allow an attacker to circumvent sudo's controls and do more than they allow. The attacker must already be on the server and have been granted access to commands via sudo for the vulnerability to be exploited.
Red Hat said it released fixes yesterday for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Other distributions, such as Debian and SUSE Linux, were also patched successfully.
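The parsing flaw the sudo advisory describes can be seen by comparing two ways of reading field 7 from a stat line. This is an added illustration, not sudo's code or its actual patch; the function names and the sample line are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/[pid]/stat prefix (not from a real system): the command
 * name in field 2 contains a space followed by a number. Real tty_nr: 34817. */
static const char SAMPLE_STAT[] =
    "4242 (sudo 9999) S 4100 4242 4100 34817 4242 4194304";

/* Naive: every space separates fields, so a space inside the command name
 * shifts all later fields. Returns field 7, or -1 if there is none. */
long tty_nr_naive(const char *stat)
{
    char buf[256];
    int field = 0;

    snprintf(buf, sizeof(buf), "%s", stat);
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " "))
        if (++field == 7)
            return strtol(tok, NULL, 10);
    return -1;
}

/* Hardened: the kernel wraps the command name in parentheses, so resume
 * parsing after the LAST ')' and read state, ppid, pgrp, session, tty_nr. */
long tty_nr_hardened(const char *stat)
{
    long tty = -1;
    const char *end = strrchr(stat, ')');

    if (end == NULL || sscanf(end + 1, " %*c %*d %*d %*d %ld", &tty) != 1)
        return -1;
    return tty;
}

int main(void)
{
    /* The naive parser reports the session id (4100) as the tty number. */
    printf("naive:    %ld\n", tty_nr_naive(SAMPLE_STAT));
    printf("hardened: %ld\n", tty_nr_hardened(SAMPLE_STAT));
    return 0;
}
```

Anchoring on the last closing parenthesis also copes with command names that themselves contain parentheses or newlines, because every field after the name is numeric or a single state character.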