{"id":20629,"date":"2019-10-15T11:36:00","date_gmt":"2019-10-15T04:36:00","guid":{"rendered":"https:\/\/kitty.in.th\/?p=20629"},"modified":"2025-01-01T11:37:41","modified_gmt":"2025-01-01T04:37:41","slug":"cve-2019-14287-sudo","status":"publish","type":"post","link":"https:\/\/kitty.in.th\/index.php\/2019\/10\/15\/cve-2019-14287-sudo\/","title":{"rendered":"CVE-2019-14287 \u2013 sudo"},"content":{"rendered":"\n<p>There is a bug in sudo before 1.8.28. The bug, basically, involves UID validation: user ID -1 or 4294967295 could allow a user with sudo privileges to run commands as root, even when the Runas specification explicitly disallows root access.<\/p>\n\n\n\n<p>For example, specify Runas in \/etc\/sudoers like this:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">test ALL=(ALL,!root) \/usr\/bin\/whoami<\/pre>\n\n\n\n<p>You can do this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"560\" height=\"200\" src=\"https:\/\/kitty.in.th\/wp-content\/uploads\/2025\/01\/73539166_2738336349531279_5837897940189839360_n.jpg\" alt=\"\" class=\"wp-image-20630\" srcset=\"https:\/\/kitty.in.th\/wp-content\/uploads\/2025\/01\/73539166_2738336349531279_5837897940189839360_n.jpg 560w, https:\/\/kitty.in.th\/wp-content\/uploads\/2025\/01\/73539166_2738336349531279_5837897940189839360_n-300x107.jpg 300w, https:\/\/kitty.in.th\/wp-content\/uploads\/2025\/01\/73539166_2738336349531279_5837897940189839360_n-96x34.jpg 96w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/><\/figure>\n\n\n\n<p>Fix? Just update the package.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a bug in sudo before 1.8.28. The bug, basically, involves UID validation: user ID -1 or 4294967295 could allow a user with sudo privileges to run commands as root, even when the Runas specification explicitly disallows root access.
For example,&nbsp; specify Runas in \/etc\/sudoers like this: test ALL=(ALL,!root) \/usr\/bin\/whoami You can do this: &hellip; <a href=\"https:\/\/kitty.in.th\/index.php\/2019\/10\/15\/cve-2019-14287-sudo\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">CVE-2019-14287 \u2013 sudo<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85],"tags":[5,100],"class_list":["post-20629","post","type-post","status-publish","format-standard","hentry","category-blog","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/comments?post=20629"}],"version-history":[{"count":2,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20629\/revisions"}],"predecessor-version":[{"id":20632,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/posts\/20629\/revisions\/20632"}],"wp:attachment":[{"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/media?parent=20629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/categories?post=20629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kitty.in.th\/index.php\/wp-json\/wp\/v2\/tags?post=20629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}