There is a warning for all Linux users.
A new vulnerability has been found in sudo.
For those who are not familiar with it, sudo stands for “superuser do”. It is a popular, powerful program that lets you run programs with elevated privileges, and it is a core command installed on almost every UNIX and Linux-based operating system.
The vulnerability is a sudo security bypass that allows a program or an attacker to execute commands with root access, even when the sudoers configuration explicitly disallows root access.
On most Linux distributions, the ALL keyword in the RunAs specification of the /etc/sudoers file allows all users in the sudo or admin group to run any command as any valid user on the system.
So even a user who is restricted to certain commands, or who has no permission to run commands as root, can use this vulnerability to bypass the security restrictions and take complete control of the system.
How can hackers use this vulnerability?
The vulnerability, tracked as CVE-2019-14287, was discovered by Joe Vennix of Apple Information Security.
This flaw can be exploited by running a command with the user ID specified as “-1” or “4294967295”. This works because the function that converts a user ID into its username treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of the root user.
The vulnerability affects all sudo versions prior to the latest released version, 1.8.28. The fix will soon be rolled out by the various Linux distributions as an update to their users.
So, if an update is available for your Linux device, it is recommended that you install it.
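To check whether a machine is exposed, the two conditions described above can be tested together: a sudo version older than 1.8.28, and a sudoers rule whose RunAs list combines ALL with an exclusion of root. The following Python sketch is an added example, not part of the original article or of the sudo project; the sample sudoers text and the function names are constructed for illustration, and the `!root` / `!#0` exclusion forms are assumed to be how the rule disallows root.

```python
import re

FIXED = (1, 8, 28)  # first fixed release, as stated in the article

# Constructed sample sudoers content (not taken from a real system).
SAMPLE_SUDOERS = """\
# constructed sample
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /usr/bin/vi
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALL, !#0) NOPASSWD: /usr/bin/id
"""

RUNAS = re.compile(r"=\s*\(([^)]*)\)")  # text inside "=(...)" of a rule

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Sudo version 1.8.21p2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(x) for x in m.groups())

def is_affected_version(text):
    """True if the reported sudo version is older than the fixed release."""
    return parse_version(text) < FIXED

def risky_rules(sudoers_text):
    """Return (line_no, rule) for rules whose RunAs user list contains ALL
    together with a root exclusion. Line continuations are not handled."""
    hits = []
    for n, line in enumerate(sudoers_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # comments and #include lines
            continue
        for spec in RUNAS.findall(line):
            # "users:groups" -> keep only the user part, split on commas
            users = [u.strip() for u in spec.split(":")[0].split(",")]
            if "ALL" in users and any(u in ("!root", "!#0") for u in users):
                hits.append((n, line))
                break
    return hits

if __name__ == "__main__":
    print("affected version:", is_affected_version("Sudo version 1.8.27"))
    for n, rule in risky_rules(SAMPLE_SUDOERS):
        print("line %d relies on excluding root: %s" % (n, rule))
```

On a real system, pass the output of `sudo -V` to `is_affected_version` and the contents of /etc/sudoers (plus any included files) to `risky_rules`.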