Linux Sudo Vulnerability (CVE-2019-14287): “In Sudo before 1.8.28, an attacker can run commands as root just by specifying the user ID as “-1” or “4294967295” when the non-default sudoers configuration entry allows a user to run a command as any user except root.”
Sudo is one of the most important, powerful and commonly used utilities, and it comes pre-installed as a core command on almost every Linux-based operating system. The sudo program allows users to run programs with the security privileges of another user, by default the superuser.
In Sudo before 1.8.28, an attacker can run commands as root just by specifying the user ID “-1” or “4294967295” when the non-default sudoers configuration entry allows a user to run a command as any user except root, for example:
someuser myhost = (ALL, !root) /usr/bin/somecommand
The Linux Sudo Vulnerability (CVE-2019-14287) stems from an integer overflow, where user IDs of “-1” or “4294967295” are incorrectly treated as “0”, which is always the user ID of the root user.
An unprivileged user can gain unauthorized root user privileges.
Category: Elevation of Privilege (Root User)
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Solution (Check Configuration)
To defend against possible attacks that exploit the Linux Sudo Vulnerability (CVE-2019-14287), check whether the sudoers configuration file contains a Runas user specification that includes an exclusion of root.
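As an added example (not from the original article or the sudo project), the configuration check described above can be automated with a short Python script. It goes slightly beyond the single entry shown on this page by also flagging root excluded by numeric ID (!#0) and Runas_Alias definitions; the function names and the sample input are constructed for illustration, and included files are not followed.

```python
import re

ROOT_NEGATIONS = {"!root", "!#0"}  # root excluded by name or by numeric ID

def logical_lines(text):
    """Yield (first line number, text) with continuations joined, comments removed."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):          # continuation: join with next line
            buf += raw.rstrip()[:-1] + " "
            continue
        # '#' starts a comment unless digits follow (then it is a numeric user ID)
        yield start, re.sub(r"#(?!\d).*", "", buf + raw)
        buf, start = "", None

def risky_runas(spec):
    """True if the Runas user list allows ALL while negating root."""
    users = spec.split(":", 1)[0]                # drop the optional group list
    tokens = {re.sub(r"\s+", "", t) for t in users.split(",")}
    return "ALL" in tokens and bool(tokens & ROOT_NEGATIONS)

def scan_sudoers(text):
    """Return [(line number, line)] for entries that allow any user except root."""
    findings = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("Runas_Alias"):
            specs = [part.partition("=")[2] for part in line.split(":")]
        else:                                    # every "(...)" after the first "="
            specs = re.findall(r"\(([^)]*)\)", line.partition("=")[2])
        if any(risky_runas(s) for s in specs):
            findings.append((no, " ".join(line.split())))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = r"""
Runas_Alias OPS = ALL, !#0
someuser myhost=(ALL, !root)/usr/bin/somecommand
alice ALL = (ALL) ALL
bob ALL = (ALL, \
    !root) /usr/bin/id
# carol ALL = (ALL, !root) /bin/sh
dave ALL = (root) /usr/bin/apt
"""

if __name__ == "__main__":
    for no, line in scan_sudoers(SAMPLE):
        print(f"line {no}: {line}")
```

A finding only indicates exposure on Sudo versions before 1.8.28; on fixed versions the same entry behaves as written.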