Yet Another Sudo Bug

Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.  See for details, how to determine if your system(s) is/are vulnerable, and how to fix with a simple configuration change.

The default settings for MacOS and a number of common Linux distributions are such that sudo on those platforms is not vulnerable but the defaults on a few distros are vulnerable, e.g., Mint and Elementary OS.  This vulnerability is being tracked as CVE-2019-18634.

  • ITTC 36
  • (319) 273-5555
  • Service Hub