sudo Command with 'Defaults pwfeedback' in sudoers File Enables 'Make Anyone Root' Bug
upstart writes in with an IRC submission for carny:
Sudo, a standard tool on Unix-y operating systems that lets select users run some or all commands as root, can be exploited to give superpowers to any logged-in user - if deployed with a non-default configuration.
This security hole, discovered by Joe Vennix at Apple Information Security, is only active if the pwfeedback option is enabled. This option shows an asterisk each time a key is pressed when entering a password. The good news is that pwfeedback is generally disabled by default.
[...] If sudo is installed and vulnerable, any user can trigger the vulnerability, even if not listed in the sudoers list of those with sudo privileges.
[...] You can tell if you are vulnerable by running sudo -l and checking the output. If the word pwfeedback appears under Matching Defaults entries, it is potentially at risk. The next thing to do is to check the version number with sudo --version. Versions 1.7.1 to 1.8.25p1 inclusive are vulnerable. The bug is fixed in sudo 1.8.31, available now, and versions 1.8.26 to 1.8.30 are not exploitable.
[...] The [interim] solution is to disable pwfeedback in the sudoers file, as explained in the linked article.
Better yet, upgrade your copy of sudo so it no longer contains this bug.
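The two checks described above (look for pwfeedback under Matching Defaults entries in the output of sudo -l, then compare the version from sudo --version against the stated ranges) can be scripted for a fleet audit. The script below is an added example, not code from the story, from The Register, or from the sudo project. It assumes that the first line of sudo --version reads "Sudo version X.Y.Z" (optionally with a pN suffix) and that sudo -l prints the Defaults block under a line starting "Matching Defaults entries"; the sample outputs embedded in it are constructed, and on a real host you would pass the two commands' real output instead. Versions above 1.8.25p1 and below 1.8.31 are classified as the article's "not exploitable" band.

```shell
#!/bin/sh
# Added example: classify a sudo install against the version ranges and the
# pwfeedback check quoted in the story. The sample outputs are constructed.

# Turn "1.8.25p1" into a sortable integer: major, 2-digit minor,
# 3-digit patch, 2-digit "p" sub-release (0 when absent).
ver_key() {
  vk_base=${1%%p*}
  if [ "$vk_base" = "$1" ]; then vk_p=0; else vk_p=${1#*p}; fi
  vk_major=${vk_base%%.*}
  vk_rest=${vk_base#*.}
  vk_minor=${vk_rest%%.*}
  vk_patch=${vk_rest#*.}
  [ "$vk_patch" = "$vk_rest" ] && vk_patch=0   # "1.8" carries no patch field
  printf '%d%02d%03d%02d\n' "$vk_major" "$vk_minor" "$vk_patch" "$vk_p"
}

# Map a version string onto the ranges stated in the article:
# 1.7.1 .. 1.8.25p1 vulnerable, 1.8.26 .. 1.8.30 not exploitable, 1.8.31+ fixed.
classify_version() {
  cv_k=$(ver_key "$1")
  if   [ "$cv_k" -lt "$(ver_key 1.7.1)" ];    then echo older-than-affected-range
  elif [ "$cv_k" -le "$(ver_key 1.8.25p1)" ]; then echo vulnerable
  elif [ "$cv_k" -lt "$(ver_key 1.8.31)" ];   then echo not-exploitable
  else echo fixed
  fi
}

# Pull "X.Y.ZpN" out of the first "Sudo version ..." line of `sudo --version`.
extract_version() {
  printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# True when pwfeedback is listed (and not negated as !pwfeedback) inside the
# "Matching Defaults entries" block of `sudo -l` output.
pwfeedback_enabled() {
  printf '%s\n' "$1" \
    | awk '/^Matching Defaults entries/ {in_def=1; next} /^$/ {in_def=0} in_def' \
    | grep -Eq '(^|[[:space:],])pwfeedback'
}

# Combine both checks into one verdict line.
assess() {
  as_ver=$(extract_version "$1")
  as_class=$(classify_version "$as_ver")
  if pwfeedback_enabled "$2"; then as_pw=enabled; else as_pw=disabled; fi
  if [ "$as_class" = vulnerable ] && [ "$as_pw" = enabled ]; then
    echo "AT RISK: sudo $as_ver with pwfeedback enabled; disable pwfeedback in sudoers or upgrade to 1.8.31 or later"
  else
    echo "OK: sudo $as_ver ($as_class), pwfeedback $as_pw"
  fi
}

# Constructed sample outputs standing in for `sudo --version` and `sudo -l`.
SAMPLE_VERSION_OUT='Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2'

SAMPLE_SUDO_L_OUT='Matching Defaults entries for alice on host:
    env_reset, pwfeedback, mail_badpass

User alice may run the following commands on host:
    (ALL : ALL) ALL'

assess "$SAMPLE_VERSION_OUT" "$SAMPLE_SUDO_L_OUT"
```

On a live system replace the two sample strings with `"$(sudo --version)"` and `"$(sudo -l)"`; because the bug is reachable by users who are not in sudoers, run the check as an ordinary account as well as a privileged one, and treat any "AT RISK" line as a host to reconfigure or upgrade.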
Read more of this story at SoylentNews.