A critical vulnerability in Sudo allows gaining root access in almost any Linux distro. The Qualys security research team has discovered a critical vulnerability in Sudo that dates back almost 10 years. The bug dubbed “Baron Samedi” can be exploited by any local user and affects a good part of the Linux distribution ecosystem.
The bug in question can be exploited to gain root privileges even if the user is not listed in the sudoers file, i.e. the file that controls which users may execute which commands, with what privileges, on which machines, and whether a password is required.
Sudo is a tool that allows a system administrator to delegate authority, granting certain users (or groups of users) the ability to execute some (or all) commands as root or as another user, while providing an audit trail of the commands and their arguments.
Sudo, moreover, is available on virtually all Unix-like operating systems, and this vulnerability was introduced in July 2011, almost 10 years ago. Baron Samedi affects all legacy versions from 1.8.2 to 1.8.31p2, and all stable versions of Sudo from 1.9.0 to 1.9.5p1, in their default configuration.
The researchers developed multiple variants of an exploit for the vulnerability and verified them on Ubuntu 20.04, Debian 10, Fedora 33, and Gentoo, but indicate that other operating systems and distributions are likely to be affected as well.
This vulnerability can be exploited in the real world. For example, if botnet operators brute-force low-privileged accounts, they can use the bug in the second stage of the attack to easily gain root access and take full control of the compromised server. And, as discussed on ZDNet, brute-force botnet attacks targeting Linux systems are quite common these days.
The bug was fixed by the Sudo team, who thanked Qualys for their detailed report. The recommendation is to update affected systems as soon as possible: Sudo version 1.9.5p2 should be installed, or the patched package provided by each vendor applied.
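As an added example (not code from the article, Qualys or the Sudo project), the following Python script turns the affected-version ranges stated above into a triage check that parses the output of `sudo --version`. It compares only the upstream version number, so on distributions that backport fixes without bumping the version a result of "affected" means "verify against the vendor advisory", not a confirmed vulnerability.

```python
import re
import subprocess

# Affected ranges as stated in the article (inclusive). The "pN" patch level
# is compared as a fourth component; a version without "pN" is treated as p0.
AFFECTED_RANGES = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),   # legacy 1.8.2 .. 1.8.31p2
    ((1, 9, 0, 0), (1, 9, 5, 1)),    # stable 1.9.0 .. 1.9.5p1
]
FIXED_VERSION = (1, 9, 5, 2)         # first upstream release with the fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Extract (major, minor, patch, p) from 'sudo --version' output.

    The first line of that output looks like 'Sudo version 1.8.31p2';
    only the first version-like token is used.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no sudo version found in: %r" % text)
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def is_affected_version(version):
    """True if the upstream version falls inside an affected range."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def assess(text):
    """Classify a 'sudo --version' output as 'affected' or 'not-affected'."""
    version = parse_sudo_version(text)
    return "affected" if is_affected_version(version) else "not-affected"


def assess_local_sudo():
    """Run 'sudo --version' on this host and classify it (read-only check)."""
    out = subprocess.run(["sudo", "--version"], capture_output=True,
                         text=True, check=False).stdout
    return assess(out)


if __name__ == "__main__":
    # Constructed sample of the banner sudo prints, for an offline run.
    sample = "Sudo version 1.8.31p2\nSudoers policy plugin version 1.8.31p2\n"
    print(parse_sudo_version(sample), assess(sample))
```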