Qualys recently identified a vulnerability in the Linux sudo command that allows a local user or an attacker to gain unauthorized root privileges on a system. Because sudo is one of the oldest and most widely used commands on Linux systems, this security issue is especially important. The majority of the web runs on Linux, so this vulnerability will affect most of the web.
Since becoming aware of this vulnerability, Nexcess has been working diligently to plan and implement the best resolution for our customers. Our security and engineering teams have been working with our vendors and have already begun deploying the required patches for this vulnerability.
What is Sudo?
The sudo command allows a user to assume another user’s role and rights and run commands or programs as that user or as a superuser (e.g. root), as permitted by the sudo security policy. The vulnerability lets a user run elevated commands even if the user is not listed in the /etc/sudoers file. The sudoers file is a configuration file that controls the users who are allowed access to the su or sudo commands. The sudo security policy determines the level of privileges a user has to run commands using sudo.
The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. The newest version of sudo (Sudo v1.9.5p2) addresses and mitigates the flaw. The bug was originally introduced in July 2011 (commit 8255ed69) and has existed until now.
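
A version check against the ranges listed above, as an added example that is not part of the original post or of Nexcess tooling. The function names are assumptions, and the comparison assumes plain upstream version strings of the form MAJOR.MINOR.PATCH[pN].

```shell
#!/bin/sh
# Added example: compare a sudo version against the affected ranges quoted above.
# Distribution packages can carry a backported fix under an older version string,
# so treat "affected" as a prompt to check the vendor's package changelog.

# ver_key VERSION: print an integer that sorts like MAJOR.MINOR.PATCH[pN];
# exit status 1 if the string does not have that shape.
ver_key() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            n = split($0, f, /[.p]/)
            printf "%d\n", f[1]*1000000000 + f[2]*1000000 + f[3]*1000 + (n > 3 ? f[4] : 0)
            ok = 1
        }
        END { exit(ok ? 0 : 1) }'
}

# classify_sudo_version VERSION: print affected | not-affected | unknown.
classify_sudo_version() {
    k=$(ver_key "$1") || { echo unknown; return 0; }
    if { [ "$k" -ge "$(ver_key 1.8.2)" ] && [ "$k" -le "$(ver_key 1.8.31p2)" ]; } ||
       { [ "$k" -ge "$(ver_key 1.9.0)" ] && [ "$k" -le "$(ver_key 1.9.5p1)" ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# extract_version: read `sudo -V` output on stdin, print the version token
# from its first line ("Sudo version X").
extract_version() {
    sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# check_local_sudo: classify the sudo binary on this host, if there is one.
check_local_sudo() {
    command -v sudo >/dev/null 2>&1 || { echo "sudo: not installed"; return 0; }
    v=$(sudo -V 2>/dev/null | extract_version)
    echo "sudo ${v:-?}: $(classify_sudo_version "$v")"
}

check_local_sudo
```
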
Further status updates are available at Nexcess’s Status Page.
Updates will be added to this post when they become available.
As always, if you have any questions regarding your account, please don’t hesitate to contact our support team via chat or give us a call at 1-866-639-2377. We are happy to help!