Linux sudo vulnerability could lead to unauthorized privileged access

Exploiting a newly discovered sudo vulnerability in Linux could allow certain users to run commands as root, although there are restrictions on this.

A serious vulnerability was recently discovered in the sudo command that, if exploited, could allow a normal user to run commands as root, even if the user was explicitly prohibited from doing so in the /etc/sudoers file.

Updating sudo to version 1.8.28 should resolve the issue, so Linux administrators are advised to do so as soon as possible.

How this vulnerability is exploited depends on the specific permissions granted in /etc/sudoers. For example, a rule that allows a user to edit files as any user except root will actually allow that user to edit files as root as well. In this case, the vulnerability could lead to very serious problems.

To exploit this vulnerability, a user must already have been granted privileges in /etc/sudoers that allow running commands as another user, and the exposure is limited to the commands granted in this way.

This issue affects versions prior to 1.8.28. To check your sudo version, use the following command:

$ sudo -V
Sudo version 1.8.27 <===
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27

The vulnerability has been assigned the number CVE-2019-14287 in the CVE database. The risk is that any user who is allowed to run a command as any user can escape the restriction, even when running it as root is explicitly prohibited.

The following lines allow jdoe to edit files using vi as anyone other than root (!root means "non-root"), while giving nemo the ability to run the id command as any user other than root:

# affected entries on host "dragonfly"
jdoe dragonfly = (ALL, !root) /usr/bin/vi
nemo dragonfly = (ALL, !root) /usr/bin/id

However, due to the vulnerability, either of these users could bypass the restriction: jdoe could edit files as root, and nemo could run the id command as root.

An attacker can run commands as root by specifying a user ID of -1 or 4294967295.

sudo -u#-1 id -u

or

sudo -u#4294967295 id -u

A response of 1 indicates that the command was run as root (displaying root's user ID).

Joe Vennix from Apple's Information Security team found and analyzed the issue.
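
A triage check for the two conditions described above (a sudo older than 1.8.28, and a Runas list of the form (ALL, !root)), added here as an example and not part of the original article. The function names and the sample file are constructed for illustration; the backup and #old entries are made up, and !#0 is matched as an equivalent spelling of !root.

```shell
#!/bin/sh
# Added example, not from the article: triage a host for CVE-2019-14287.

# Succeed (exit 0) if a sudo version string is older than 1.8.28.
# Suffixes such as "p1" are dropped; only the dotted numbers are compared.
sudo_is_affected() {
    v=${1%%[!0-9.]*}
    [ -n "$v" ] || return 2                 # not a version string
    [ "$v" = "1.8.28" ] && return 1
    oldest=$(printf '%s\n1.8.28\n' "$v" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$v" ]
}

# Print the version found on the first line of `sudo -V` output (stdin).
sudo_version_from_output() {
    sed -n '1s/^Sudo version \([0-9][0-9a-z.]*\).*/\1/p'
}

# Print active sudoers rules whose Runas list is "ALL minus root",
# e.g. (ALL, !root) or (ALL, !#0). Comment and blank lines are skipped;
# a leading "#" followed by a digit is a uid, not a comment, so it is kept.
risky_runas_rules() {
    grep -Ev '^[[:space:]]*(#[^0-9]|#$|$)' "$1" |
        grep -E '\([^):]*ALL[^):]*![[:space:]]*(root|#0)[^[:alnum:]_-]'
}

# Constructed sample input: the article's two entries plus made-up ones.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# affected entries on host "dragonfly"
jdoe dragonfly = (ALL, !root) /usr/bin/vi
nemo dragonfly = (ALL, !root) /usr/bin/id
# constructed entries that must not be reported
backup dragonfly = (postgres) /usr/bin/pg_dump
#old dragonfly = (ALL, !root) /bin/sh
EOF

installed=$(printf 'Sudo version 1.8.27\nSudoers policy plugin version 1.8.27\n' |
    sudo_version_from_output)
if sudo_is_affected "$installed"; then
    echo "sudo $installed predates 1.8.28; rules to review:"
    risky_runas_rules "$sample"
fi
```

On a real host, feed the first function from `sudo -V` and point the scan at /etc/sudoers and the files under /etc/sudoers.d, run with enough privilege to read them.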
