Red Hat, Debian and other Linux distributions yesterday pushed out patches for a high-severity vulnerability in sudo that could be abused by a local attacker to gain root privileges.
Sudo is a program for Linux and UNIX systems that allows standard users to run specific commands as a superuser, such as adding users or performing system updates.
In this case, researchers at Qualys found a vulnerability in sudo’s get_process_ttyname function that allows a local attacker with sudo privileges to run commands as root or elevate privileges to root.
Read more at ThreatPost