icon

We found results for “

CVE-2019-14287

Date: October 15, 2019

Overview

Sudo is a powerful and popular command-line tool that is installed on nearly every UNIX-like and Linux-based operating system. The open source tool lets system administrators set security policies that allow certain users to execute commands as the superuser (root user) or another user. The system access rights are configured in a file called sudoers. Affected versions of this utility allow a user to circumvent the Sudo policy restrictions and execute arbitrary commands as the root user, even in situations when root access is not permitted.

Details

The CVE-2019-14287 vulnerability occurs when the sudoers configuration entry permits a user or a program to run a command as any other user, except the root. Here is a sudoers entry example: certainuser myhost = (ALL, !root) /usr/bin/resources The above specification implies that the user called “certainuser” can execute the “resources” command as any other user, excluding the root. The exclamation mark (!) is what denotes the exclusion. Apart from referring to the “root” user by name, they may also be identified using other methods, such as by user id: certainuser myhost = (ALL, !#0) /usr/bin/resources While the above entry implies that a security policy has been established to limit access, a malicious user could bypass that restriction. If an attacker specifies the target user using a numeric id of -1, or its unsigned equivalent 4294967295, the function will fail to parse all the values properly. In such a case, it would treat the user id like 0, which denotes the id of the root user. This would allow the attacker to run the command with root privileges, circumventing the set security policy.

Affected Environments

Sudo versions before 1.8.28

Remediation

Assess every sudoers configuration entry that has the exclamation mark (!) and ensure that the root user is not among those excluded. You can get them in files under /etc/sudoers.d or in the /etc/sudoers file.

Prevention

Update to Sudo version 1.8.28 or higher

Language: C

Good to know:

icon

Input Validation

CWE-20
icon

Upgrade Version

Upgrade to version SUDO_1_8_28

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional information: