The “sudo” command (that lets Linux or Unix-based users run tasks with elevated permissions) had a flaw that allowed a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. This bug can be exploited by an attacker to run commands as root just by specifying the user ID “-1” or “4294967295”. The function that converts user id into username incorrectly treats -1 or 4294967295 (its unsigned equivalent) as 0, which is the user ID of root. Users can fix this flaw by updating the sudo package to 1.8.28 or newer.
sudo -u#-1 id -u
or
sudo -u#4294967295 id -u
Source:
https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
Leave a Reply
You must be logged in to post a comment.