The Qualys Research Team found a heap overflow vulnerability in sudo, a common and most used utility on Linux, which gives root privileges to any local user. Linus’ law of ‘given enough eyeballs, all bugs are shallow’ didn’t hold water in this case as like many open-source vulnerabilities this one was around since 2011, for almost 10 years now. We invited Polyverse CTO Archis Gore to our show “Secure IT” to discuss not only this vulnerability but also how Polyverse users are fully immune to any exploitation from the bug.
Here are some of the topics we covered in the show:
- What exactly is sudo bug?
- It can only be exploited locally; it’s not remote exploitation. What does this really mean for security? How worried should we be?
- Are there any exploitation already in the wild?
- What does it mean for Polyverse users?
- Why everyone should use polymorphing?