Sudo is a necessity on most Linux systems, most of which are probably being used as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if not properly mediated. This brings us to SUDO_KILLER, a tool used to identify sudo misconfigurations that can aid in privilege escalation.

The most glaring misconfiguration is running an outdated version of sudo, especially one that has known vulnerabilities. There is simply no excuse for it, and often the best course of action from a defensive point of view is just…