iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK

IT News

Nov 15
The newly discovered Pipka script can delete itself from a website after execution, making it very difficult to detect.
Nov 15
Jamf has built a unique event that digs deep into the community it serves and echoes the big shows Apple used to put on.
Nov 15
Enterprises will soon have access to Azure Arc and Azure Synapse Analytics, two new services that bolster Microsoft's cloud offerings.
Nov 15
The latest version of Windows 10 is little more than a rerun of the May version of the operating system, though it does offer a few new features.
Nov 14
On the same day it unveiled its newest laptop, the company also announced that the new Mac Pro will ship in December.
Nov 13
The software, initially designed to help IT teams track and resolve service requests, can now be configured for use in non-tech areas such as HR and legal.
Nov 13
IBM, which has embraced Apple hardware in a big way, says the employees who use Macs are more likely to stay at the company - and are more productive. The insights came at this weeks Jamf Nation User Conference.

Categories

Linux sudo flaw can lead to unauthorized privileges

A newly discovered and serious flaw in the sudo command can, if exploited, enable users to run commands as root in spite of the fact that the syntax of the  /etc/sudoers file specifically disallows them from doing so.

Updating sudo to version 1.8.28 should address the problem, and Linux admins are encouraged to do so as soon as possible.

How the flaw might be exploited depends on specific privileges granted in the /etc/sudoers file. A rule that allows a user to edit files as any user except root, for example, would actually allow that user to edit files as root as well. In this case, the flaw could lead to very serious problems.

For a user to exploit the flaw, a user needs to be assigned privileges in the /etc/sudoers file that allow that user to run commands as some other users, and the flaw is limited to the command privileges that are assigned in this way.

This problem affects versions prior to 1.8.28. To check your sudo version, use this command:

The vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database. The risk is that any user who has been given the ability to run even a single command as an arbitrary user may be able to escape the restrictions and run that command as root - even if the specified privilege is written to disallow running the command as root.

The lines below are meant to give the user "jdoe" the ability to edit files with vi as any user except root (!root means "not root") and nemo the right to run the id command as any user except root:

However, given the flaw, either of these users would be able to circumvent the restriction and edit files or run the id command as root as well.

The flaw can be exploited by an attacker to run commands as root by specifying the user ID "-1" or "4294967295."

The response of "1" demonstrates that the command is being run as root (showing root's user ID).

Joe Vennix from Apple Information Security both found and analyzed the problem.

This story, "Linux sudo flaw can lead to unauthorized privileges" was originally published by Network World.