Thursday, January 30, 2025
Follow us On Linkedin
HomeComputer SecurityA Vulnerability In Linux Sudo Let the Restricted Linux Users to Run...

A Vulnerability In Linux Sudo Let the Restricted Linux Users to Run Commands as Root

Computer SecurityCVE/vulnerabilityLinux

Published on

By Balaji
Sudo

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

A new vulnerability has been discovered in the Linux Sudo program let unprivileged users can run the command as root by specifying the user ID -1 or 4294967295.

Sudo (Superuser Do) program in Linux is responsible to allocate the security privileges to run commands for normal users and by default for Superusers.

The vulnerability affected the Sudo versions before 1.8.28 and the potential users to bypass the Runas user restrictions.

Runas basically referred to allow a Linux user to start an application with different user credentials, and it restricts the users to gain other privileged access.

Based on the Sudo users policy, If ALL keyword in a Runas specification, then any user to run commands as an arbitrary user.

By exploiting the vulnerability in Sudo let normal users with sufficient Sudo privileges to run commands as root even if the Runas specification explicitly disallows root access and allows to gain the complete control of the system.

Exploit the Sudo Bug (CVE-2019-14287 )

To exploit the bug, the users should have Sudo privilege, which means, the user’s entry in Runas specifier with special value ALL, so that users can run a command as an arbitrary user.

myhost alice = (ALL) /usr/bin/id

In the above command with (ALL) in Runas Specifier, a user can run the command as any users, also able to run it as an arbitrary user ID by using the #uid syntax.

sudo -u#1234 id -u

In this case, when we treat user ID -1 or 4294967295 (unsigned equivalent for -1 ), the result returns 0 (Not root).

sudo -u#-1 id -u

“So If a sudoers entry is written to allow the user to run a command as any user except root, the bug can be used to avoid this restriction,” Joe Vennix from Apple Information Security said.

According to Sudo report , For example, given the following sudoers entry:

myhost bob = (ALL, !root) /usr/bin/vi

User bob is allowed to run vi as any user but root. However, due to the bug, bob is actually able to run vi as root by running sudo -u#-1 vi, violating the security policy.

The vulnerability affected only sudoers entries where Runas specifier with ALL keyword and the vulnerability has been assigned CVE-2019-14287

It’s highly recommended to update the newly released Sudo 1.8.28 version in your Linux and soon the update will be rolled out for all the Linux distributions.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Browser

New RDP Exploit Allows Attackers to Take Over Windows and Browser Sessions

Cybersecurity experts have uncovered a new exploit leveraging the widely used Remote Desktop Protocol...
Cyber Security News

New SMS-Based Phishing Tool ‘DevilTraff’ Enables Mass Cyber Attacks

Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that...
Cyber Security News

DeepSeek Database Publicly Exposed Sensitive Information, Secret Keys & Logs

Experts at Wiz Research have identified a publicly exposed ClickHouse database belonging to DeepSeek,...
Cyber Security News

OPNsense 25.1 Released, What’s New!

The highly anticipated release of OPNsense 25.1 has officially arrived! Nicknamed "Ultimate Unicorn," this...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

cyber security

Lynx Ransomware Architecture to Attack Windows, Linux, ESXi Uncovered

The emergence of the Lynx Ransomware-as-a-Service (RaaS) platform has drawn significant attention in cybersecurity...
cyber security

Hackers Attacking Windows, macOS, and Linux systems With SparkRAT

Researchers have uncovered new developments in SparkRAT operations, shedding light on its persistent use...
CVE/vulnerability

Windows CLFS Buffer Overflow Vulnerability CVE-2024-49138 – PoC Released

 A recently disclosed Windows kernel-level vulnerability, identified as CVE-2024-49138, has raised significant security concerns in...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved