|
jeffv via plug on 30 Sep 2025 05:33:45 -0700
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
- From: jeffv via plug <plug@lists.phillylinux.org>
- To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Subject: [PLUG] sudo flaw
- Date: Tue, 30 Sep 2025 08:33:40 -0400
- Authentication-results: smtp04.aqua.email-ash1.sync.lan smtp.user=<hidden>; auth=pass (LOGIN)
- Dkim-signature: v=1; a=rsa-sha1; d=op.net; s=20180222; c=relaxed/simple; q=dns/txt; i=@op.net; t=1759235621; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=MTajjrsOfCob37eMCZgXjSWavPk=; b=Qt5sXLCPGGFk95RIMPSvmk/OH+a5pZa5m6tkB43Qcf07YL/U31tOpPbk/VoC/gzG R27d5t7LsLmAy+c8081X0mC6SYgCNsNhs2nDhltcRLU36IyZwiF3YiMw0ueL38rX KqcxnxYWddcqdn5aRf+9c8RZiBcL1mrCx5amMJRhwT9mJzOw/KFtb2d1jEyYFKrN a2gq+rpXtnPFcQ3WI4TwMX5eit/FewY5Z4inKJ6G6eDGMKM5xjK4cDTmab7XPRAW OS5H7V/odqlXlp0CjT7cpOvet4K27dVnKXFRJN42Dc0ee8/HwF1nDMWiwt3H832g YsXzAWW7R+NibmY/x7eXeQ==;
- Reply-to: jeffv <jeffv@op.net>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla Thunderbird
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and
Unix Systems
https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
"Sudo contains an inclusion of functionality from an untrusted control
sphere vulnerability," CISA said. "This vulnerability could allow a
local attacker to leverage sudo's -R (--chroot) option to run arbitrary
commands as root, even if they are not listed in the sudoers file."
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug