Canonical Fixes Sudo Exploit for All Ubuntu OSes

In order to fix the vulnerability, users will have to update the system

By Silviu Stahie on February 28th, 2013 15:32 GMT

On February 28, Canonical published in a security notice details about a Sudo vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, and Ubuntu 8.04 LTS operating systems.

According to Canonical, Sudo could be made to run programs as the administrator without a password prompt.

Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

The security flaws can be fixed if you upgrade your system(s) to the latest sudo and sudo-ldap packages, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Ubuntu 12.10 desktop
   Ubuntu 12.10 desktop
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments