Data Security

Newly discovered Sudo bug lets unauthorized users gain root access

“Sudoing” lately?

Linux or any Unix-based platform users are well aware of the Sudo command. In Unix and Linux, the Sudo keyword lets users gain special privileges to execute certain commands, which normally they cannot execute. Sudo command is perhaps one of the most significant of all commands in the Linux/Unix framework and if misused, it can put the device’s security in danger. And, that’s exactly what has happened.

An interesting Sudo command exploit has been discovered by Joe Vennix, Apple’s security researcher. In the Common Vulnerabilities and Exposure Database, this bug has been categorized as CVE-2019-14287

The problem occurs due to the way Sudo command treats user IDs. What happens is that the user ID is changed to either -1 or it unsigned equal 4294967295 using this command, which means any normal user can spoof his/her identity and execute restricted commands on the device.

It is worth noting that the user ID will be changed to 0, which will provide the user root access. However, the system should have a non-standard configuration to be exploited. Therefore, Linux computers are not vulnerable to this bug. In fact, only those entries are accepted by the system that has ALL keyword in the Runas specifier. Such as if you have entered myhost bob= (ALL, !root) /usr/bin/vi, the bug can be exploited. 

The good news is that the bug has already been fixed in Sudo version 1.8.28. This version treats ID of -1 as invalid and hence, the privileges remain the same. It is recommended that you patch your machine against the exploit by updating the Sudo command with the new version.

Comments
To Top

Pin It on Pinterest

Share This