Sudo bug in Linux allows users to run some restricted commands as root without permission
Sudo, one of the most commonly used utilities in Linux, has been found to have a vulnerability that could allow malicious users or programs to execute arbitrary commands as root on a targeted Linux system without clearance.
The flaw was found to be working only on Linux systems that have a non-standard configuration.
For those unaware, Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the “superuser” (a special user account used for system administration).
In other words, Sudo (su “do”) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments.
The security vulnerability known as CVE-2019-14287 allows users to circumvent the non-root restriction by simply changing the user ID to -1 or 4294967295 with the ‘sudo’ command. This triggers the vulnerability and gives root access.
“When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the Sudo vulnerability alert.
“This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.
“Log entries for commands run this way will list the target user as 4294967295 instead of root.”
This happens because a function that converts a user ID to a username mistakes -1 (or its invalid equivalent, 4294967295) for 0, which happens to be the root user ID. Also, since the user ID specified with the -u option does not exist in the password database, no PAM session modules will run.
The bug was found and reported by Joe Vennix of Apple security, and it has now been patched in Sudo version 1.8.28.
Those who are affected by the bug can check for available updates and patch the vulnerability on their machines. If your distribution of choice has not yet shipped an update, you are recommended to update Sudo manually to the latest version as soon as it is available.
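The following added example (not code from the article or from the Sudo project) shows how a defender could check for the three conditions described above: a Runas specification that lists ALL first and then excludes root, log entries whose target user is -1 or 4294967295, and a Sudo version older than 1.8.28. The user names, host name and log lines are constructed, and the log layout and the optional `#` prefix on the user ID are assumptions.

```python
import re

PATCHED = (1, 8, 28)  # fixed release named in the article
# Target-user values the article names, with or without sudo's '#' uid prefix.
SUSPECT_USER = re.compile(r"\bUSER=#?(-1|4294967295)\b")
RUNAS = re.compile(r"=\s*\(([^)]*)\)")

def is_patched(version: str) -> bool:
    """True if a 'sudo -V' style version string is 1.8.28 or later."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no version number in {version!r}")
    return tuple(int(x) for x in m.groups()) >= PATCHED

def risky_runas(sudoers_line: str) -> bool:
    """True if the Runas user list puts ALL first and then excludes root."""
    if sudoers_line.lstrip().startswith("#"):  # comment line
        return False
    m = RUNAS.search(sudoers_line)
    if not m:
        return False
    users = [u.strip() for u in m.group(1).split(":")[0].split(",")]
    return users[0] == "ALL" and any(u in ("!root", "!#0") for u in users[1:])

def suspicious_log_lines(lines):
    """Return sudo log lines whose target user is -1 or 4294967295."""
    return [line for line in lines if SUSPECT_USER.search(line)]

# Constructed sample input (hypothetical users and host).
SAMPLE_SUDOERS = [
    "alice myhost = (ALL, !root) /usr/bin/vi",
    "bob myhost = (ALL) /usr/bin/id",
    "carol myhost = (www-data) /usr/bin/systemctl status nginx",
]
SAMPLE_LOG = [
    "Oct 15 10:01:02 myhost sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=#-1 ; COMMAND=/usr/bin/vi",
    "Oct 15 10:03:40 myhost sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=#4294967295 ; COMMAND=/usr/bin/vi",
    "Oct 15 10:05:11 myhost sudo: carol : TTY=pts/1 ; PWD=/home/carol ; USER=www-data ; COMMAND=/usr/bin/systemctl status nginx",
]

if __name__ == "__main__":
    for line in SAMPLE_SUDOERS:
        print("RISKY " if risky_runas(line) else "ok    ", line)
    for line in suspicious_log_lines(SAMPLE_LOG):
        print("ALERT ", line)
    print("1.8.27 patched?", is_patched("Sudo version 1.8.27"))
```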