A critical vulnerability in Sudo allows you to gain root access on almost any Linux distro

The Qualys security research team has discovered a critical vulnerability in Sudo that dates back almost 10 years. The bug, named "Baron Samedit", can be exploited by any local user and affects a good part of the Linux distribution ecosystem.

The flaw can be exploited to gain root privileges even if the user is not listed in the sudoers file, that is, the file that controls who, what, with what privileges and on which machines commands can be executed and if passwords are required.

Can be exploited to gain root access and take full control of a server

Sudo is a tool that allows a system administrator to delegate authority to grant certain users (or groups of users) the ability to execute some (or all) commands as root or another type of user while providing an audit trail of the commands and their arguments.

Sudo is also available on virtually all Unix-style operating systems, and this vulnerability was introduced in July 2011, almost 10 years ago. Baron Samedit affects all legacy versions from 1.8.2 to 1.8.31p2, and all stable versions of Sudo from 1.9.0 to 1.9.5p1 in their default settings.

The researchers were able to verify the existence of the vulnerability and develop multiple variants to exploit it on Ubuntu 20.04, Debian 10, Fedora 33, and Gentoo, but indicate that other operating systems and distributions are likely affected.

This vulnerability can be exploited in the real world. For example, if botnet operators perform brute-force attacks on low-level accounts, they can exploit the bug in a second part of the attack to help intruders gain root access easily and take full control of a hacked server. And, as ZDNet has commented, botnet attacks targeting Linux systems using brute force are quite common today.

The bug was corrected by the Sudo team, who thanked Qualys for their detailed report. The recommendation is to update the affected systems as soon as possible: Sudo version 1.9.5p2 must be installed, or the version patched by each vendor.
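To triage hosts against the version ranges given above, the following added example (not code from Qualys or the Sudo project) parses the first line of `sudo --version` and reports whether it falls inside either affected range. It assumes the usual `Sudo version X.Y.ZpN` output format; the helper names are hypothetical, and a match only means the vendor's advisory must be checked, since distributions can backport the fix without changing the upstream version string.

```python
import re
import subprocess

# Affected ranges exactly as stated in the article (both ends inclusive).
AFFECTED_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

# Sudo versions look like 1.8.31 or 1.9.5p2; "pN" is a patch level.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Turn 'Sudo version 1.8.31p2' into (1, 8, 31, 2); no 'pN' counts as p0."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"unrecognised sudo version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def in_affected_range(text):
    """True if the version lies inside one of the article's affected ranges."""
    version = parse_sudo_version(text)
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(text):
    """Return a short verdict for one version string."""
    if in_affected_range(text):
        # Upstream version is in range; a vendor-patched package may still
        # report this same version, so confirm against the vendor advisory.
        return "in affected range: update or confirm vendor patch"
    return "outside affected range"


def installed_sudo_version():
    """Read the first line of `sudo --version` on the local host."""
    result = subprocess.run(
        ["sudo", "--version"], capture_output=True, text=True, check=True
    )
    return result.stdout.splitlines()[0]


if __name__ == "__main__":
    # Constructed sample inputs, followed by the local host's own version.
    for sample in ["Sudo version 1.8.31", "Sudo version 1.9.5p2"]:
        print(sample, "->", triage(sample))
    local = installed_sudo_version()
    print(local, "->", triage(local))
```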