Glaring Sudo Flaw can Enable Malicious Users to Run Arbitrary Commands on Linux Systems

• Sudo, which stands for ‘superuser do’, is a powerful and commonly used utility that comes installed on almost every UNIX and Linux-based operating system.
• It allows a user to run applications or commands with the privileges of a different user without switching environments.

One of the most widely used Linux commands, the Sudo, has been found to be impacted by a security bypass flaw.

About Sudo

Sudo, which stands for ‘superuser do’, is a powerful and commonly used utility that comes installed on almost every UNIX and Linux-based operating system. It allows a user to run applications or commands with the privileges of a different user without switching environments.

What is the vulnerability?

Discovered by Joe Vennix of Apple Information Security, the sudo security bypass flaw can allow a malicious user or a program to execute random commands as root on a targeted Linux system without providing any password. This works even when the ‘sudoers configuration’ explicitly disallows the root access.

The vulnerability is tracked as CVE-2019-14287.

How can it be exploited?

The flaw can be exploited just by specifying the user ID "-1" or "4294967295." This exploits a flaw in the conversation function, which essentially treats -1 and 4294967295 as “0”.

“Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user's sudoers entry has the special value ALL in the Runas specifier,” reads the alert.

Impacted versions

The flaw affects the sudo versions prior to 1.8.28.

Fixing the flaw

Linux users are urged to update a newer sudo package version 1.8.28 or later to fix the flaw.