# Fixing Linux Sudo Vulnerability using Endpoint Central

## What is the vulnerability?

A publicly disclosed vulnerability in sudo affects all Linux endpoints. This vulnerability (CVE-2019-14287), when exploited, enables attackers to surpass security restrictions and run commands as the root user.

Using Desktop Central, you can detect and fix this vulnerability as follows:

## Detection using Script

1. Go to **Desktop Central console > Configurations > Script Repository > Templates**.
2. Select the script **CheckSudoVulnerability.sh** and click **Add to Repository**.
3. From the **Repository** tab, click **Actions** to create a computer configuration to deploy the script.
4. Define your target (it is recommended to include all Linux machines).
5. Select **Enable Logging** to be informed of the execution status of the script, and deploy immediately.

If the system is unaffected by the vulnerability, the script execution will be a success. If the vulnerability can be exploited on the system, the script deployment will fail in the Desktop Central console.

![message: system is vulnerable](https://www.manageengine.com/products/desktop-central/images/linux_1.png)

## Fixing using Patch Deployment

As of now, only Ubuntu and Debian have released patches for this vulnerability in bulletins **USN-4154-1** and **DSA 4543-1**.

To deploy the patches, follow these steps:

1. Navigate to **Patch Management > Missing Patches**.
2. Search for these patches using the mentioned Bulletin IDs.
3. Select the patches and deploy.

![Patch IDs in Desktop Central Console](https://www.manageengine.com/products/desktop-central/images/linux_2.png)

Secure your Linux endpoints immediately using Desktop Central!

If you still find issues with remediating this vulnerability, feel free to contact our support team at [endpointcentral-support@manageengine.com](mailto:endpointcentral-support@manageengine.com).