{"id":6339,"date":"2019-10-15T01:42:49","date_gmt":"2019-10-15T05:42:49","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/?p=6339"},"modified":"2019-10-15T01:42:49","modified_gmt":"2019-10-15T05:42:49","slug":"sudo-flaw-lets-linux-users-run-commands-as-root-even-when-theyre-restricted","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/2019\/10\/15\/sudo-flaw-lets-linux-users-run-commands-as-root-even-when-theyre-restricted\/","title":{"rendered":"Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted"},"content":{"rendered":"

The “sudo” command (that lets Linux or Unix-based users run tasks with elevated permissions) had a flaw that allowed a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. \u00a0This bug can be exploited by an attacker to run commands as root just by specifying the user ID “-1” or “4294967295”.\u00a0 The function that converts user id into username incorrectly treats -1 or 4294967295 (its unsigned equivalent) as 0, which is the user ID of root. \u00a0Users can fix this flaw by updating the sudo package to 1.8.28 or newer.<\/p>\n

sudo -u#-1 id -u
\nor
\nsudo -u#4294967295 id -u<\/p>\n

Source:<\/p>\n

https:\/\/thehackernews.com\/2019\/10\/linux-sudo-run-as-root-flaw.html<\/a><\/p>\n

https:\/\/www.sudo.ws\/alerts\/minus_1_uid.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The “sudo” command (that lets Linux or Unix-based users run tasks with elevated permissions) had a flaw that allowed a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. \u00a0This bug can […]<\/p>\n","protected":false},"author":22906,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[805801],"tags":[],"class_list":{"0":"post-6339","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-08-social-engineering-encoding-and-encryption","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/posts\/6339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/users\/22906"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/comments?post=6339"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/posts\/6339\/revisions"}],"predecessor-version":[{"id":6340,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/posts\/6339\/revisions\/6340"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/media?parent=6339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/categories?post=6339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall2019\/wp-json\/wp\/v2\/tags?post=6339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}