
Ethical Hacking

William Bailey


MIS 5211.701 ■ Fall 2020 ■ William Bailey

Week 08: SUDO CVE-2019-14287

October 17, 2019 by William Bailey 8 Comments

During this week we discussed the risks of malware that obtains the ability to operate within the kernel, and a Linux vulnerability reported regarding sudo when the sudoers file is set up to allow all users except root to run certain programs as “SuperUserDO”, e.g. vi, the text editor.

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

With this week’s topic about malware, what does this vulnerability mean in regards to the likelihood and/or impact of the damage posed by malware?
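As an added illustration (not part of the original post, and not sudo's own tooling), the script below audits sudoers content for the exclusion-style Runas specs that CVE-2019-14287 affected and checks whether a reported sudo version predates the 1.8.28 fix. The sudoers lines are constructed samples; the rule parser is deliberately minimal and assumes one rule per line.

```python
import re

# Release that fixed CVE-2019-14287 (sudo 1.8.28).
FIXED_VERSION = (1, 8, 28)
# "who host = (runas_list) command"; Defaults and comment lines will not match.
RULE_RE = re.compile(r'^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmd>.+)$')

def parse_runas(runas):
    """Split a Runas_List such as 'ALL, !root : ALL' into (allowed, denied) user entries."""
    users = runas.split(':', 1)[0]  # text after ':' is the Runas_Group list, not users
    items = [i.strip() for i in users.split(',') if i.strip()]
    allowed = [i for i in items if not i.startswith('!')]
    denied = [i[1:] for i in items if i.startswith('!')]
    return allowed, denied

def is_exclusion_based(runas):
    """True when root is kept out only by negation, e.g. (ALL, !root) or (ALL, !%admin)."""
    allowed, denied = parse_runas(runas)
    return 'ALL' in allowed and bool(denied)

def audit_sudoers(text):
    """Return (line_no, rule) for every rule whose Runas_Spec relies on exclusion."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = re.split(r'\s#', line)[0].strip()  # drop trailing comments, keep '!#0' intact
        m = RULE_RE.match(line)
        if m and is_exclusion_based(m.group('runas')):
            findings.append((no, line))
    return findings

def version_is_patched(version):
    """True if a 'sudo --version' number (e.g. '1.8.27', '1.9.5p2') is >= 1.8.28."""
    m = re.match(r'(\d+)\.(\d+)\.(\d+)', version)
    return m is not None and tuple(int(x) for x in m.groups()) >= FIXED_VERSION

# Constructed sample sudoers content (not taken from any real host).
SAMPLE = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
bob ALL=(ALL, !root) /usr/bin/vi                      # the pattern from the post: everyone but root
%basic_users_group ALL=(ALL, !%admin) ALL              # case 3 from the comments: root is in admin
alice ALL=(www-data) /usr/bin/systemctl restart nginx  # explicit target user, nothing to bypass
"""

if __name__ == '__main__':
    for no, rule in audit_sudoers(SAMPLE):
        print(f"line {no}: exclusion-based Runas_Spec, bypassable on sudo < 1.8.28: {rule}")
```

Rules that list the permitted target users explicitly (as the alice line does) are not affected; the flagged rules should be rewritten that way even after upgrading.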


Comments

  1. Kelly Sharadin says

    October 21, 2020 at 1:29 pm

    The sudo vulnerability essentially gives malware the ‘keys to the kingdom’ in terms of its ability to execute tasks as a privileged user, significantly increasing the level of damage to the host as there is no limit to what commands can be run. As a sys admin you could potentially lose control over groups and users. Malware exploiting this vulnerability could easily add unauthorized users to groups if the organization doesn’t have any auditd logging configured. An attacker could use this vulnerability for persistence into an environment and remain relatively undetected. Adversely, an attacker could simply lock out any legitimate users altogether. The sky is really the limit in this scenario and tactics deployed would be determined by the attacker’s end goal such as persistence vs destruction.

  2. Nicholas Fabrizio says

    October 22, 2020 at 3:16 pm

    A vulnerability which allows users to execute commands as root that were not set up to have those privileges could have a serious impact. This vulnerability, CVE-2019-14287, has a base score of 8.8 and the reason it has a higher number is because having root access allows a user to make any changes they want on the machine. If malware were installed on the machine and exploited this vulnerability the malware could make changes to the machine’s configurations allowing an attacker to gain remote access. This could result in information being stolen, ability to pivot to additional systems, destruction of information, and much more.

  3. Anthony Wong says

    October 23, 2020 at 5:03 am

    If the sudo vulnerability is left unpatched, the likelihood and impact of malware is extremely high. An attacker would only need to gain access to one user ID and then the vulnerability can be easily exploited. The attacker can specify the compromised user ID with “-1” or “4294967295” and can instantly gain the highest level of access. Once this is achieved, the attacker can essentially do anything they want. The installation of malware on the machine can introduce a whole array of problems for an organization. One compromised machine can quickly lead to an entire network being affected.

  4. Zhuofu Wang says

    October 23, 2020 at 6:40 pm

    This sudo vulnerability would allow the malicious user to execute arbitrary commands as root on a targeted Linux system, which is dangerous. The attacker may gain admin permissions, remote access, and collect information. If the attacker takes complete control over the system as root, he can inject malicious files into the system to obtain the information he needs and can use this controlled device as a springboard to find and exploit other devices in its local network, which has more permissions.

  5. Humbert Amiani says

    October 25, 2020 at 6:52 pm

    The potential damage from malware in regard to this vulnerability is unlimited. Most attackers try to gain access then maintain it for as long as they can. Having super user privileges gives an attacker a gateway to install backdoors that help them maintain access to a compromised system. The fact that the vulnerability also takes advantage of a logic flaw in how Linux interprets “-1” or “4294967295” could mean there are more vulnerabilities to be discovered that operate in a similar way.

  6. Amelia Safirstein says

    October 25, 2020 at 11:33 pm

    This vulnerability allows users to circumvent privilege restrictions in Linux, and to run commands as root/the system administrator. Malicious actors or malware could use this vulnerability to gain unrestricted access to the system. They could use this to steal, alter, or destroy any data that the root user has access to. A sudo version with the patch is available but organizations can be slow to update systems. Additionally, malicious actors who exploited this vulnerability could have already created a second entry point.

  7. Candace T Nelson says

    October 26, 2020 at 12:23 am

    Somehow I missed this portion of our assignment until late today, so I am responding after many of my classmates who have already touched upon the limitless “functionality” this vulnerability enables.

    While reading the article I couldn’t help but think about the statistics I have encountered while conducting research for this class. For example, one firm suggested that implementation of a patch within 30 days of its release is considered “gold standard.” In this instance, after the vulnerability was disclosed, think of the headway that could be gained by cybercriminals in a matter of 30 days minimum. There are then the companies who have not kept up with patching and are not able to remedy this quickly. I believe the risk posed by third parties with malicious intent is much higher than a rogue employee under these circumstances.

  8. Bryan Garrahan says

    October 26, 2020 at 10:55 am

    To echo those above, the impact and likelihood of this vulnerability is severe. Users will be able to modify security access and likely stay relatively undetected. What stood out to me was Mohit’s tweet regarding case 3 when he notes, “Instead of making a rule just for tom, dick, harry, or bob, when you block an entire group of low privileged users, restricting them from running commands as any other group (usually admin) that also contains the root.

    %basic_users_group = (ALL, !%admin)”

    I think utilizing security groups is a good practice in order to control access – however, it does get a bit more messy when it comes to utilizing nested groups within these security groups.
