K.S. Bhaskar via plug on 30 Sep 2025 07:57:44 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] sudo flaw

But interestingly, they have given till Oct 20 for Federal agencies to mitigate.

Regards
- Bhaskar

On Tue, Sep 30, 2025 at 8:33 AM jeffv via plug <plug@lists.phillylinux.org> wrote:
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and
Unix Systems

https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html

"Sudo contains an inclusion of functionality from an untrusted control
sphere vulnerability," CISA said. "This vulnerability could allow a
local attacker to leverage sudo's -R (--chroot) option to run arbitrary
commands as root, even if they are not listed in the sudoers file."


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug