Linux sudo flaw can lead to unauthorized privileges

News

15 Oct 20192 mins

LinuxNetworking

Exploiting a newly discovered sudo flaw in Linux can enable certain users with to run commands as root despite restrictions against it.

Credit: Thinkstock

A newly discovered and serious flaw in the sudo command can, if exploited, enable users to run commands as root in spite of the fact that the syntax of the /etc/sudoers file specifically disallows them from doing so.

Updating sudo to version 1.8.28 should address the problem, and Linux admins are encouraged to do so as soon as possible.

How the flaw might be exploited depends on specific privileges granted in the /etc/sudoers file. A rule that allows a user to edit files as any user except root, for example, would actually allow that user to edit files as root as well. In this case, the flaw could lead to very serious problems.

For a user to exploit the flaw, a user needs to be assigned privileges in the /etc/sudoers file that allow that user to run commands as some other users, and the flaw is limited to the command privileges that are assigned in this way.

This problem affects versions prior to 1.8.28. To check your sudo version, use this command:

$ sudo -V
Sudo version 1.8.27	
Sudoers policy plugin version 1.8.27
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.27

The vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database. The risk is that any user who has been given the ability to run even a single command as an arbitrary user may be able to escape the restrictions and run that command as root – even if the specified privilege is written to disallow running the command as root.

The lines below are meant to give the user “jdoe” the ability to edit files with vi as any user except root (!root means “not root”) and nemo the right to run the id command as any user except root:

# affected entries on host "dragonfly"
jdoe dragonfly = (ALL, !root) /usr/bin/vi
nemo dragonfly = (ALL, !root) /usr/bin/id

However, given the flaw, either of these users would be able to circumvent the restriction and edit files or run the id command as root as well.

The flaw can be exploited by an attacker to run commands as root by specifying the user ID “-1” or “4294967295.”

The response of “1” demonstrates that the command is being run as root (showing root’s user ID).

Joe Vennix from Apple Information Security both found and analyzed the problem.

by Sandra Henry-Stocker

Unix Dweeb

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.

The opinions expressed in this blog are those of Sandra Henry-Stocker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Linux sudo flaw can lead to unauthorized privileges

Exploiting a newly discovered sudo flaw in Linux can enable certain users with to run commands as root despite restrictions against it.

More from this author

Shredding files on Linux with the shred command

Who’s logging into your Linux servers?

Working with directories on Linux

Getting ready for World Backup Day 2024

Most popular authors

Show me more

Can your cloud backup provider fail?

Cisco marries AI and security with cloud-based data center offering

Intel announces edge AI processors

Has the hype around ‘Internet of Things’ paid off? | Ep. 145

Episode 1: Understanding Cisco’s Converged SDN Transport

Episode 2: Pluggable Optics and the Internet for the Future

Has the hype around ‘Internet of Things’ paid off?

Are unused IPv4 addresses a secret gold mine?

Preparing for a 6G wireless world: Exciting changes coming to the wireless industry