Bug in the rug… but not anymore.
By Charles Levere, on October 16, 2019.
The Sudo bug designated CVE-2019-14287 in the Common Vulnerabilities and Exposures database has been patched by developers. The bug allowed users to bypass privilege restrictions and execute commands as root.
The bug was discovered and analyzed by Apple security researcher Joe Vennix.
How The Sudo Bug Works
An attacker could exploit the bug by specifying the user ID under which a command is executed as “-1” or “4294967295.” Sudo would resolve both of these user IDs automatically to the value “0”, the user ID for root.
Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier. Sudo supports running a command with a user-specified user name or user ID, if permitted by the sudoers policy. For example, the following sudoers entry allows the id command to be run as any user because it includes the ALL keyword in the Runas specifier.
The bug, powerful as it is, only works if a user has been given access to a command via the sudoers configuration file. As such, it can really only be used under non-standard configurations and will not affect the majority of Linux users. Having said that, if you do happen to use sudoers, you should update to version 1.8.28 or later as soon as possible.
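An added example, not from the original article or the sudo project: a small Python audit that flags sudoers rules with ALL in the Runas user list and checks whether an upstream sudo version string is older than 1.8.28. The sample sudoers text, the function names, and the `!root` check (marking rules that were meant to keep root out) are assumptions of this example.

```python
import re

FIXED = (1, 8, 28)  # first fixed sudo release, per the article

# Constructed sample sudoers content (not from the article).
SAMPLE_SUDOERS = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
alice  myhost = (ALL) /usr/bin/id
bob    myhost = (ALL, !root) \\
       /usr/bin/vi
carol  myhost = (www-data) /usr/bin/systemctl restart nginx
"""

def is_affected(version_text):
    """True if the upstream version in e.g. `sudo -V` output is below 1.8.28."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if m is None:
        raise ValueError("no sudo version found")
    return tuple(map(int, m.groups())) < FIXED

def runas_all_entries(sudoers_text):
    """Return [(entry, root_excluded)] for rules whose Runas user list has ALL."""
    hits = []
    text = re.sub(r"\\\n", " ", sudoers_text)  # join continued lines
    for line in map(str.strip, text.splitlines()):
        # Skip blanks, Defaults, alias definitions, and comments/#include
        # (a leading "#<digits>" is a uid, so that stays in).
        if (not line or re.match(r"(Defaults|\w+_Alias)\b", line)
                or (line.startswith("#") and not re.match(r"#\d", line))):
            continue
        _, sep, rhs = line.partition("=")
        if not sep:
            continue
        for spec in re.findall(r"\(([^)]*)\)", rhs):
            # Text before ':' is the Runas user list; after it, the group list.
            users = [u.strip() for u in spec.split(":", 1)[0].split(",")]
            if "ALL" in users:
                # "!root" marks a rule that was meant to keep root out.
                hits.append((line, "!root" in users))
                break
    return hits

if __name__ == "__main__":
    print("affected:", is_affected("Sudo version 1.8.27"))
    for entry, root_excluded in runas_all_entries(SAMPLE_SUDOERS):
        print("root excluded" if root_excluded else "root allowed ", "|", entry)
```

Distribution packages often backport fixes without changing the upstream version number, so treat the version check as a hint and confirm against your distro's advisory. The scan does not expand Runas_Alias definitions, so an alias that resolves to ALL needs a manual look.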
Sudo Versions Affected
Sudo versions prior to 1.8.28 are affected and should be updated as soon as possible.
Sudo Bug Patched
The Sudo bug was patched by developers a few days ago, so make sure you update when the patch becomes available for your distro version. Sudo has been updated to version 1.8.28. I noticed my machine had patches for it this morning when logging in to my system.