Linux SUDO Vulnerability Found That Allows Low Privileged Users To Run Commands As Root

  • 5

Researchers have discovered a security vulnerability in the Linux SUDO command that threatens numerous Linux servers. The flaw could allow arbitrary users to run commands as root on target devices.

Linux SUDO Vulnerability Discovered

A researcher from Apple Information Security, Joe Vennix, discovered a security flaw targeting Linux servers. The vulnerability primarily existed in the Linux SUDO command, allowing low privileged users to run commands as root.

Essentially, the SUDO command (superuser do) allows underprivileged users to run root commands on a Linux device. SUDO, however, only allows this privilege when configured to do so, or when the underprivileged user knows the root password. SUDO also allows a user to run commands as another user when configured accordingly.

Due to the bug, SUDO functioned abnormally, allowing anyone to bypass the check. Thus, even when the configuration disallowed underprivileged users to run root commands, SUDO would let them bypass with UID -1 or 4294967295.

According to the description in the security advisory,

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

The advisory also details the exploit for the vulnerability CVE-2019-14287.

Patch Rolled Out

Fortunately many Linux servers remain unaffected. This is because the vulnerability mainly works for non-standard configurations allowing arbitrary user IDs.

Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier.

Since this isn’t the default configuration, most Linux users remain unaffected from the flaw.

Nonetheless, for those with the vulnerable configuration, the flaw affects Sudo versions prior to 1.8.28. Thus, upgrading systems to sudo 1.8.28 is essential to stay protected from the risk of exploit.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!