Blog

CVE-2019-14287 – sudo

October 15, 2019 kitty

Thre is a bug in sudo before 1.8.28. The bug, basically, involve UID validation where user ID -1 or 4294967295 could allow a user with sudo privilege to run command as root, even the Runas specification explicitly disallow root access.

For example, specify Runas in /etc/sudoers like this:

test ALL=(ALL,!root) /usr/bin/whoami

You can do this:

Fix ? Just update the package.

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

kitty.in.th

Daily Archives: October 15, 2019

CVE-2019-14287 – sudo

A Just-for-Fun Website