Security researchers discovered a security bypass vulnerability in Sudo, one of the most widely used Linux commands.
According to researcher Joe Vennix, who discovered the vulnerability, the Sudo security bypass flaw can allow a malicious user to run arbitrary commands as root on a targeted Linux system. The researcher stated that the vulnerability, tracked as CVE-2019-14287, works even when the sudoers configuration forbids root access.
Sudo, which stands for Superuser Do, is one of the most important and commonly used utilities. It comes as a core command, installed on almost every UNIX and Linux-based operating system.
Vennix stated that the flaw can be exploited by specifying the user ID “-1” or “4294967295”, which triggers the flaw in the conversion function. The vulnerability is also said to affect all Sudo versions except the latest version, 1.8.28.
“Exploiting the bug requires that the user have Sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier,” the bug report said. “Sudo supports running a command with a user-specified username or user ID if permitted by the sudoers policy. For example, the following sudoers entry allows the ID command to be run as any user because it includes the ALL keyword in the Runas specifier.
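An added audit sketch, not code from the bug report or the Sudo project: it flags sudoers entries whose Runas specifier contains ALL, marks those that try to exclude root, and checks whether a reported Sudo version predates 1.8.28. The sample policy, user names and function names are constructed for illustration, and the parser assumes single-line entries without aliases or includes.

```python
import re

FIXED = (1, 8, 28)  # release the article names as not affected

# Constructed sample policy (not from any real host or from the bug report).
SAMPLE_SUDOERS = """\
# constructed sample
alice   myhost = (ALL, !root) /usr/bin/id
bob     myhost = (www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALL) NOPASSWD: /usr/bin/vi
"""

# Simplified grammar: "user host = (runas[:group]) command" on a single line.
ENTRY = re.compile(r"^\s*([^\s#]\S*)\s+\S+\s*=\s*\(([^):]*)(?::[^)]*)?\)\s*(.+)$")

def parse_version(text):
    """Pull (major, minor, patch) out of text such as 'Sudo version 1.8.27p1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in input")
    return tuple(int(part) for part in m.groups())

def is_affected_version(text):
    """True when the reported version is older than 1.8.28."""
    return parse_version(text) < FIXED

def audit(sudoers_text):
    """Return entries whose Runas list contains ALL, noting whether root is excluded."""
    findings = []
    for lineno, line in enumerate(sudoers_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # comments, Defaults, aliases, entries without a Runas spec
        runas = [item.strip() for item in m.group(2).split(",") if item.strip()]
        if "ALL" not in runas:
            continue
        findings.append({
            "line": lineno,
            "user": m.group(1),
            "command": m.group(3).strip(),
            # An exclusion such as !root is what the flaw defeats on affected versions.
            "root_excluded": any(item in ("!root", "!#0") for item in runas),
        })
    return findings

if __name__ == "__main__":
    affected = is_affected_version("Sudo version 1.8.27")  # constructed input
    for f in audit(SAMPLE_SUDOERS):
        print(f, "| version affected:", affected)
```

Entries reported with `root_excluded` set to true are the ones to review first on a host running an affected version, since that exclusion is the restriction the flaw bypasses.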
Linux users encountered a similar security issue in 2017, when a massive vulnerability was discovered in the open-source Samba server that could have caused widespread trouble. The Samba flaw was noticed and announced by a researcher with the alias “steelo”.
“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it,” stated the Samba Project advisory.