LinuxSecurity.com: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users database server. The Common Vulnerabilities and Exposures project identifies the [More...]
I often hear people citing sudo as one of the main barriers to malware infecting a Linux computer.
The most commen argument seems to go along the lines of: Root privileges are required to modify system configuration, and a password is required to gain root privileges, so malware can't modify system configuration without prompting for a password.
But it seems to me that by default on most systems
LinuxSecurity.com: Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to [More...]
LinuxSecurity.com: Martin Barbella discovered an integer overflow in an XSLT node sortingroutine. An attacker could exploit this to overflow a buffer and cause adenial of service or possibly execute arbitrary code with the privileges ofthe user invoking the program. (CVE-2010-1199) [More...]