

Rewterz Threat Alert – OpenCarrot Malware Identified in Financial Sector
October 15, 2019
Rewterz Threat Alert – Elaborate Crypto Trading Scheme to Install Malware
October 15, 2019
Rewterz Threat Alert – OpenCarrot Malware Identified in Financial Sector
October 15, 2019
Rewterz Threat Alert – Elaborate Crypto Trading Scheme to Install Malware
October 15, 2019Severity
High
Analysis Summary
Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier.
Impact
Security bypass
Affected Vendors
Sudo
Affected Products
Sudo versions prior to 1.8.28 are affected
Remediation
The bug is fixed in sudo 1.8.28