
Critical vulnerability in Linux sudo command lets anybody be root

A recently published report has worried Linux users. Vulnerability testing specialists have disclosed a new security flaw in sudo, one of the most common and important utilities, installed as a core command on almost every Linux and UNIX-based system.

“This security flaw is a problem of bypassing security policies in sudo which, if exploited, would allow a threat actor or malicious program to execute arbitrary commands as root on the compromised system even if the settings explicitly prohibit root access,” the experts mention.

It should be remembered that sudo (superuser do) is a system command that lets a user run applications or commands with the privileges of another user without switching to that user's session. According to vulnerability testing experts, it is most commonly used to run commands as root.

In most Linux distributions, the ALL keyword in the RunAs specification of the /etc/sudoers file lets any user in the admin or sudo group run any command as any valid user on the system. This is the default setting.

Thanks to privilege separation (a fundamental security feature of Linux), an administrator can write a sudoers file that establishes which users may run which commands, and as which target users. The vulnerability is that a user who is only permitted to run a specific command as any user except root (a RunAs specification of the form (ALL, !root)) can nonetheless run that command as the root user, which gives full control of the system.

Tracked as CVE-2019-14287, this vulnerability was discovered by vulnerability testing expert Joe Vennix of Apple Information Security. In his report, he notes that this is a significant-severity flaw, since sudo is designed to let users authenticate with their own login credentials to run privileged commands without administrators having to share the root password with them.

Source: Joe Vennix

In addition, the expert adds that the vulnerability can be exploited by a local user to run commands as root simply by specifying the user ID -1 or 4294967295 (for example, sudo -u#-1 command). “The function that converts the ID to a username incorrectly treats the user ID -1, or its unsigned equivalent 4294967295, as zero, which is always the root user ID,” adds the expert. The sudoers policy check compares the requested ID against root's uid 0, so a request for uid -1 passes the !root exclusion; the setresuid(2) call that follows treats -1 as “leave unchanged”, and the process keeps the root privileges that the setuid sudo binary already holds.

Because exploitation requires an uncommon sudoers configuration (a RunAs list that grants ALL but excludes root), the flaw is unlikely to affect a large number of users; nevertheless, specialists from the International Institute of Cyber Security (IICS) recommend upgrading the sudo package to the latest available version (the issue is fixed in sudo 1.8.28) to mitigate any risk of exploitation.
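The following script is an added example written for this page; it is not from the article, from Joe Vennix's report or from the sudo project. It turns the two conditions discussed above into a local check: the installed sudo predates the 1.8.28 fix, and some sudoers entry (or sudo -l output) carries a RunAs list that grants ALL but excludes root, which is the exact shape the -1 / 4294967295 trick bypasses. The sudoers text embedded in the script is constructed for the example; the version-string format (“Sudo version 1.8.27”) is that printed by sudo --version.

```shell
#!/bin/sh
# Added example (not from the article or the sudo project): local exposure
# check for CVE-2019-14287. Two things must hold for the bug to matter:
#   1. sudo is older than 1.8.28, the release that fixed it, and
#   2. a sudoers entry grants RunAs "ALL" but excludes root, e.g. (ALL, !root).
# With both in place the restricted user runs the listed command as root via
#   sudo -u#-1 /usr/bin/vi        (or  sudo -u#4294967295 /usr/bin/vi)

# Return 0 (true) when a sudo version string such as "1.8.27" or "1.8.28p1"
# predates 1.8.28. The "pN" patch-level suffix is ignored on purpose.
sudo_is_vulnerable() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}
    case $rest in
        *.*) rest=${rest#*.}; patch=${rest%%[!0-9]*} ;;
        *)   patch=0 ;;
    esac
    patch=${patch:-0}
    [ $((major * 1000000 + minor * 1000 + patch)) -lt $((1 * 1000000 + 8 * 1000 + 28)) ]
}

# Filter stdin (a sudoers file or `sudo -l` output) down to the lines whose
# RunAs list grants ALL while excluding root, written as !root or !#0.
# Comment lines are dropped so a commented-out entry does not count.
exposed_runas_entries() {
    grep -E '\([^)]*ALL[^)]*![[:space:]]*(root|#0)[^)]*\)' | grep -v '^[[:space:]]*#'
}

# Convenience wrapper: number of exposed entries in a sudoers text passed as $1.
count_exposed_entries() {
    printf '%s\n' "$1" | exposed_runas_entries | wc -l | tr -d ' '
}

# Constructed sample sudoers (not from any real host). The bob and alice
# entries are the weak pattern; carol's explicit RunAs user is the safe form
# an administrator should use instead of "ALL minus root".
SAMPLE_SUDOERS=$(cat <<'EOF'
# constructed sample, not taken from a real system
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
bob     myhost = (ALL, !root) /usr/bin/vi
alice   ALL = (ALL,!#0) /usr/bin/less
carol   ALL = (www-data) /usr/bin/systemctl restart nginx
EOF
)

# Stand-alone demonstration on the constructed data.
for v in 1.8.27 1.8.28 1.8.28p1 1.9.5; do
    if sudo_is_vulnerable "$v"; then
        echo "sudo $v: predates the 1.8.28 fix"
    else
        echo "sudo $v: contains the fix"
    fi
done
echo "Exposed RunAs entries in the sample sudoers:"
printf '%s\n' "$SAMPLE_SUDOERS" | exposed_runas_entries
echo "Hardened form of bob's entry: bob     myhost = (www-data) /usr/bin/vi"

# On a real host (not executed here) the same functions apply to live data:
#   ver=$(sudo --version | sed -n 's/^Sudo version \([0-9.p]*\).*/\1/p')
#   sudo_is_vulnerable "$ver" && sudo -l | exposed_runas_entries
```

The fix in the hardened line is to name the target users explicitly rather than granting ALL and subtracting root: a positive RunAs list has no sentinel value for the -1 trick to slip through, and it stays correct after upgrading as well.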
