Major security flaw found in Mac / Linux “sudo” command

A new security flaw was recently discovered and patched in the well-known “sudo” terminal program available on Mac, Linux and other Unix-based systems.

“Sudo” allows a regular (non-administrator) account to run commands as the root / administrator account. Needless to say, a security flaw in this feature could result in a total compromise of a user’s system. However, a malicious intruder would need at least a regular user account on the system to take advantage of the flaw.

Fortunately, developers have fixed the flaw and most vendors have deployed an update for sudo. The issue was due to how sudo handled user IDs. Specifically, if someone ran sudo with a user ID of -1 or its unsigned equivalent, 4294967295, they would be granted root access. Additionally, since that particular user ID doesn’t actually exist, they would not receive a password prompt to run sudo.

If automatic updates aren’t configured on your system, you may need to run the OS’s built-in update program (apt-get, yum, dnf, etc.) to receive the fix.
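To check whether the user IDs described above have already been used on a machine, the following added example (not part of the original article or of sudo itself) scans sudo log entries for a target user of -1 or 4294967295. It assumes sudo's usual syslog layout (`user : TTY=... ; PWD=... ; USER=... ; COMMAND=...`) and that the target may be logged with or without a leading `#`; the function names and sample lines are constructed for illustration.

```python
import re

# User IDs named in the article: -1 and its unsigned 32-bit equivalent.
SUSPECT_UIDS = {-1, 4294967295}

# Assumed layout of a sudo syslog entry:
#   <host> sudo: <user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>
SUDO_ENTRY = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+)\s+:\s.*?\bUSER=(?P<target>\S+)"
    r"\s+;\s+COMMAND=(?P<command>.*)$"
)


def is_suspect_target(target):
    """True if the logged target user is numeric and equals -1 or 4294967295."""
    try:
        return int(target.lstrip("#")) in SUSPECT_UIDS
    except ValueError:
        return False  # a named account such as "root" or "www-data"


def find_suspect_sudo_events(lines):
    """Return one dict per sudo log entry whose target user ID is suspect."""
    events = []
    for number, line in enumerate(lines, start=1):
        match = SUDO_ENTRY.search(line)
        if match and is_suspect_target(match["target"]):
            events.append({"line": number, **match.groupdict()})
    return events


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "Oct 14 09:12:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update",
    "Oct 14 09:15:44 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=#-1 ; COMMAND=/usr/bin/id",
    "Oct 14 09:16:02 host1 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=#1001 ; COMMAND=/usr/bin/whoami",
    "Oct 14 09:17:30 host1 sudo[2211]:  bob : TTY=pts/1 ; PWD=/home/bob ; USER=4294967295 ; COMMAND=/usr/bin/id",
    "Oct 14 09:18:00 host1 sshd[900]: Accepted publickey for alice from 192.0.2.10 port 50222",
]

if __name__ == "__main__":
    for event in find_suspect_sudo_events(SAMPLE_LOG):
        print(f"line {event['line']}: {event['user']} ran "
              f"{event['command']} as {event['target']}")
```

On a real system, pass the lines of the file where sudo entries are written (its location varies by distribution) instead of `SAMPLE_LOG`.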
