Possible to inject in the middle of a ROOT NOPASSWD command with a wild card?

I’m testing for privilege escalations on a Ubuntu 18.04 host, and after running sudo -l , I’ve discovered a couple of root NOPASSWD commands for a standard user (w/unknown password). These commands contain wild cards.
Example: (root) NOPAS… Continue reading Possible to inject in the middle of a ROOT NOPASSWD command with a wild card?

The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)

Linux and Unix operating systems require regular patching like any IT system, but as security professionals, ethical hackers, and criminal hackers will tell you, regular Linux and Unix patching is often neglected.

CVE-2021-3156 sudo Vulnerability
Last… Continue reading The Linux Flaw you can’t afford to Ignore (CVE-2021-3156)

This Week in Security: Sudo, Database Breaches, and Ransomware

Obligatory XKCD

Sudo is super important Linux utility, as well as the source of endless jokes. What’s not a joke is CVE-2021-3156, a serious vulnerability around incorrect handling of escape characters. This bug was discovered by researchers at Qualys, and …read more

Continue reading This Week in Security: Sudo, Database Breaches, and Ransomware

Can a sudo account access my browser sessions (e.g. Stack Exchange) remotely? [duplicate]

Suppose I am logged in to Stack Exchange on Firefox on my work computer. This session is clearly stored as a cookie (or something else), because it persists when I reboot the computer. I have sudo access on my computer, but so does the net… Continue reading Can a sudo account access my browser sessions (e.g. Stack Exchange) remotely? [duplicate]

On a single user laptop does it make sense to have a separte password for root and the user?

I have a laptop on which I’m the only user. While installing the laptop I was wondering why I should choose a different password for the root account and user account. My reasoning is:

The change of finding a valid password doubles if the… Continue reading On a single user laptop does it make sense to have a separte password for root and the user?