Sudo (“superuser do”) lets a permitted user run a command as another user, normally root, and only as far as the sudoers policy and a password check allow. Because of the flaw, a user could run a command as root even where the policy explicitly forbids it. It is worth noting that the vulnerable configurations are not standard: the flaw only applies where a sudoers Runas specification lets a user run commands as any user (the ALL keyword) but then excludes root, for example (ALL, !root). It is still concerning, because a user the administrator deliberately kept away from root could nonetheless run dangerous commands as root. This is potentially a huge problem, but the relative rarity of such configurations eases the issue. Most users would be safe, because to exploit the flaw an attacker would need an account on a machine whose sudoers policy allows that account to run commands as any user except root. Needless to say, this is not the case on most Linux devices. For reference, the flaw has been assigned CVE-2019-14287.

Attack

If an attacker did have an account on a machine with such a Runas rule, exploiting the flaw would be straightforward. A bad actor could ask sudo to run a command as user ID -1, or its unsigned 32-bit equivalent 4294967295, by adding -u#-1 or -u#4294967295 to the sudo command line. Sudo did not check these two values against the root exclusion in the Runas list, and because the setresuid() and setreuid() system calls treat a user ID of -1 as “leave unchanged”, the command keeps the user ID sudo itself runs with, which is root. The vulnerability has been described on sudo.ws: “This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. Log entries for commands run this way will list the target user as 4294967295 instead of root.” Joe Vennix, a security researcher working for Apple, discovered the flaw. Sudo 1.8.28 was released with a patch for the vulnerability, so it has now been fixed. As always, users who have not updated will still be at risk.
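The two things an administrator would want to check after reading the above are whether any sudoers rule has the Runas shape the flaw needs and whether the installed sudo predates 1.8.28. The script below is an added example written for this article; it is not code from the original page or from the sudo project. The sudoers content it scans is constructed for demonstration, the grep pattern only recognises rules written literally as (ALL, !root) and not ones built from Runas aliases, and the version check relies on `sudo -V` printing “Sudo version X.Y.Z” as its first line.

```sh
#!/bin/sh
# Added example (not from the original article or the sudo project).
# Two checks for CVE-2019-14287: does a sudoers policy contain the Runas
# shape the flaw needs, and is the installed sudo older than 1.8.28?

# Constructed sample sudoers content, for demonstration only.
SAMPLE_SUDOERS='# constructed sample, not a real policy
root    ALL=(ALL:ALL) ALL
bob     myhost = (ALL, !root) /usr/bin/vi
alice   ALL = (ALL, !root) ALL
carol   ALL = (www-data) /usr/bin/id
%admin  ALL=(ALL) ALL'

# Read sudoers text on stdin and print every rule whose Runas list starts
# with ALL and then excludes root, e.g. "(ALL, !root)". On sudo < 1.8.28
# such a rule is bypassed by "sudo -u#-1 <cmd>" or "sudo -u#4294967295 <cmd>",
# which runs <cmd> as root despite the exclusion. Rules that reach the same
# shape through a Runas alias are not detected by this simple pattern.
find_vulnerable_runas() {
    grep -vE '^[[:space:]]*(#|$)' |
        grep -E '\([[:space:]]*ALL[[:space:]]*,[^)]*![[:space:]]*root[^)]*\)'
}

# Exit 0 if the sudo version in $1 (e.g. "1.8.27p1") is older than 1.8.28,
# i.e. lacks the fix; exit 1 otherwise. Compares the first three numeric
# components; a trailing patch suffix such as "p1" is dropped by awk's
# string-to-number conversion, so 1.8.28p1 counts as fixed.
sudo_version_vulnerable() {
    awk -v ver="$1" 'BEGIN {
        n = split(ver, have, "[.]")
        split("1.8.28", fixed, "[.]")
        for (i = 1; i <= 3; i++) {
            x = (i <= n) ? have[i] + 0 : 0
            if (x < fixed[i] + 0) exit 0
            if (x > fixed[i] + 0) exit 1
        }
        exit 1
    }'
}

# Report on the sudo binary of the current host, if one is installed.
# "sudo -V" prints "Sudo version X.Y.Z" as its first line and needs no
# privileges (assumption: this output format is stable across 1.8.x/1.9.x).
check_installed_sudo() {
    if ! command -v sudo >/dev/null 2>&1; then
        echo "sudo not installed on this host"
        return 0
    fi
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    if [ -z "$ver" ]; then
        echo "could not determine the installed sudo version"
        return 0
    fi
    if sudo_version_vulnerable "$ver"; then
        echo "sudo $ver is older than 1.8.28: update, and audit sudoers for (ALL, !root) rules"
    else
        echo "sudo $ver includes the fix for CVE-2019-14287"
    fi
}

# Demonstration on the constructed sample, then on this host's sudo.
echo "Rules with the vulnerable Runas shape:"
printf '%s\n' "$SAMPLE_SUDOERS" | find_vulnerable_runas
check_installed_sudo
```

On the constructed sample the scan reports the bob and alice rules and ignores carol, whose Runas list does not start with ALL, and the %admin rule, which excludes nobody. On a real host, run the scan against /etc/sudoers and the files under /etc/sudoers.d as root, since they are not world-readable.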
