DataEndure | Managed Cybersecurity. It's about time.

Services
- Managed Services
  Cloud Security
  
  Email Security
  
  Endpoint Security
  
  Network Security
  
  N-SOC
  
  Compliance
  GRC
  
  Readiness Assessments
  
  Risk Management
  
  Complimentary Health Checks
  Network Health Check
  
  Resiliency Workshop
  
  Security Health Check
  
  In-Depth Assessments
  Application Dependency Mapping
  
  CISO Assessment
  
  Dark Data Assessment
  
  Network Assessment
  
  Penetration Testing
  
  Why Layered Defense is Critical
  
  Layered security is about protecting all vectors that have access into your network, and the network is no longer just inside your datacenter. It's wherever your endpoints, people, data, and assets reside.
  
  View the Video >>
Expertise
- Security & Compliance
  Layered Defense Strategy
  
  Cyber Threats & Solutions
  
  Information Management
  Data Resilience
  
  Cloud & Data Science
  Digital Transformation
  
  Infrastructure
  Scale and Efficiency
  
  Network
  Network Resilience
  
  What does "Good" Cybersecurity look like?
  
  Discover key insights for robust cybersecurity, addressing critical gaps and navigating evolving threats.
  
  Read the Blog >>
Industries
Company
- About Us
  Leadership
  
  News
  
  In the Community
  
  Careers
  
  Contact Us
  
  Partners
  Strategic Partners
  
  Technology Partners
  
  Partner Program
  
  Leading the Way Through Change
  
  Explore over 40 years of industry leadership and lasting impact as we delve into the remarkable history of Data Endure.
  
  Learn More >>
Resources
- Learn
  Security Advisories
  
  Blog
  
  Case Studies
  
  Podcast
  
  Events
  
  Videos
  
  White Papers
  
  Connect
  Contact Us
  
  Newsletter Sign Up
  
  Partner Program
  
  Watch our Tech Talk Series
  
  Stay up to date on the latest in cybersecurity with our monthly Tech talk series.
  
  Watch the Series >>

Security Advisory: Buffer Overflow Found in Sudo

February 6, 2020

Situation
A buffer overflow was found in Sudo that allows a low privileged user to execute commands as root without authentication. This is due to a bug in the “pwfeedback” option. By default, “pwfeedback” is not enabled but there are some Linux distros that do have it enabled by default.

Problem
This allows attackers to easily perform privilege escalation on Linux or MacOS machines.

Implication
An attacker who is able to access any Linux or MacOS machine can run any command as root.

Need
The maintainers of Sudo have released a patch, 1.8.31, that addresses this issue. Apple has also released a patch for High Sierra 10.13.6, Mojave 10.14.6, and Catalina 10.15.2.

Learn More
https://thehackernews.com/2020/02/sudo-linux-vulnerability.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634

NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience

+ +

Chat with usLiveChat