It became known about the discovery of a vulnerability in the Sudo (super user do) command for Linux. Exploitation of this vulnerability allows unprivileged users or programs to execute commands with root privileges. It is noted that the vulnerability affects systems with non-standard settings and does not affect most servers running Linux.
The vulnerability occurs when Sudo configuration settings are used to allow commands to be executed on behalf of other users. In addition, Sudo can be configured in a special way, due to which it is possible to run commands on behalf of other users, with the exception of the superuser. To do this, you need to make the appropriate adjustments to the configuration file.
The root of the problem lies in how Sudo handles user IDs. If you enter user ID -1 or its equivalent 4294967295 on the command line, then the command you run can be executed as root. Because the specified user IDs are not listed in the password database, the command does not require a password to be entered.
To reduce the likelihood of issues related to this vulnerability, users are advised to update Sudo to version 1.8.28 or later as soon as possible. The message says that in the new version of Sudo, the -1 option is no longer used as a user ID. This means that attackers will not be able to exploit this vulnerability.
Source: 3dnews.ru