A vulnerability was found in the sudo command in Linux


Apple specialist Joe Vennix spoke about the vulnerability (CVE-2019-14287) in the sudo command in Linux. It allows unprivileged users to run commands as superuser.
However, this problem only occurs with non-standard configuration settings and does not affect most Linux servers.

The sudo command allows unprivileged users with the appropriate superuser permission or password to execute commands with superuser rights on Linux machines. By adding instructions to the /etc/sudoers configuration file, the system can be configured to let a user run commands as a different user, but not as the superuser. It is with these configuration settings that users can bypass the restriction and run commands with superuser privileges by adding -u#-1 to the command line, Vennix found.

The specialist gives an example: the administrator created a sudo user named bob on the mybox server by adding the line mybox bob = (ALL, !root) /usr/bin/vi to the configuration file. User bob will be able to run the Vi text editor, but if he runs sudo -u#-1 vi, he will be able to do so with superuser privileges.
Vennix noted that -u#1234 can be used on the command line with sudo to run commands, in this case Vi, as user ID 1234. Sudo passes this identifier value through the setresuid and setreuid system calls to change the command's effective user ID. -u#-1 passes -1 through these calls to change the effective identifier to -1. User ID 4294967295 can also work around the restrictions because, as a signed 32-bit integer variable, it is -1.

The specialist advised users to update sudo to version 1.8.28 or later, as it no longer accepts -1 as an identifier.
The fix is also available in patch form. The vulnerability has already been fixed in Debian, Arch Linux, SUSE/openSUSE, Ubuntu, Gentoo and FreeBSD.
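
The mechanism described above, as an added example in C that is not sudo's own code: setresuid and setreuid treat an argument of -1 as "leave this ID unchanged", so a process already running as UID 0 stays at 0 even though -1 passed the "!root" comparison. The function names, the naive parser and the simplified Runas check are assumptions made for illustration, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Naive conversion (assumed, for illustration): signed parse, then cast.
 * "-1" and "4294967295" both come out as (uid_t)-1. */
static uid_t parse_uid_naive(const char *s)
{
    return (uid_t)strtoll(s, NULL, 10);
}

/* Model of a "(ALL, !root)" Runas check: anything except UID 0 passes. */
static int runas_allowed(uid_t target) { return target != 0; }

/* Model of setresuid()/setreuid(): an argument of -1 leaves the ID unchanged. */
static uid_t uid_after_set(uid_t current, uid_t requested)
{
    return requested == (uid_t)-1 ? current : requested;
}

/* Strict conversion: digits only, no overflow, and never the reserved
 * value (uid_t)-1. Returns 0 on success, -1 on rejection. */
static int parse_uid_strict(const char *s, uid_t *out)
{
    char *end;
    long long v;
    if (s == NULL || s[0] < '0' || s[0] > '9')
        return -1;                      /* empty, signed or padded input */
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= (long long)(uid_t)-1)
        return -1;                      /* overflow, trailing junk, or -1 */
    *out = (uid_t)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "1234", "-1", "4294967295" };  /* constructed */
    for (size_t i = 0; i < 3; i++) {
        uid_t n = parse_uid_naive(samples[i]), u = 0;
        printf("%-10s naive: allowed=%d uid_after=%u  strict: %s\n", samples[i],
               runas_allowed(n), (unsigned)uid_after_set(0, n),
               parse_uid_strict(samples[i], &u) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
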
