Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low-level access to systems.
The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux that Qualys has tested. The flaw allows users, even those not on the sudoers list, to gain root access. It has been patched in the latest release of sudo.
“Any user – even the lowest of the low privileged – can access root,” said Mehul Revankar, vice president of product management and engineering at Qualys.
Though other sudo vulnerabilities have been found in the past, it’s rare that a bug affects any account, rather than only accounts meeting specific conditions.
“We expect millions of systems to be affected,” said Revankar.
The name is a play on Voodoo loa (and occasional James Bond villain) Baron Samedi and sudoedit. Samedi is the top-hatted master of the dead, preventing the buried from returning as zombies. Sudoedit allows users with lesser privileges to edit files.
U.S. Cyber Command and others have rushed to recommend that Unix and Linux users update their systems.
“We recommend applying patches as soon as available. This is a far more dangerous #Sudo vulnerability than seen in the rescent [sic] past,” tweeted CYBERCOM midday Wednesday.
Revankar said the vulnerability has likely stayed under the radar since it was introduced in 2011 because it requires two vulnerabilities to operate, and people who found only one may not have seen the full picture.
“It’s one of the most beautiful bugs I’ve seen,” said Revankar. “And if it fell into the wrong hands, very bad things could happen.”