A vulnerability was recently detected in the Linux sudo command (super user do). This could allow users who do not have rights to execute commands as root. The good news is that not all Linux has been affected servers, as it is a type of vulnerability that affects only informal configurations.
But first of all, let's look at how the sudo command works and how it can be configured. When commands are executed on operating system For Linux, unauthorized users can use the sudo command to execute commands as root. The basic requirement is that they are licensed or know password of the root.
The sudo command can be configured to allow one user execute commands as another user by adding special instructions to the configuration file. The following commands allow the user `test` to execute the / usr / bin / vim and / usr / bin / id commands as any user other than root.
When a user is created on Linux, he gets a UID. Users can use these UID instead of a username when starting sudo.
Let's go back to that now vulnerability. Apple security researcher Joe Vennix discovered one bug which allows users to start a sudo command as root using the “-1” or “4294967295” UID. For example, the following command could use this error to start user / usr / bin / id as root, even though `test 'refused to do so in / etc / sudoers.
The truth is that this is a powerful error, but it's important to know that it can only work if a user has access to a command via the sudoers file. Otherwise this error will have no effect.
To be able to exploit a vulnerability, a user must have set up for one mandate, a sudoer instruction that can start other commands.
While this error it is obviously powerful, it can still be used only at informal configurations that will not affect the vast majority of Linux users.
What users are using instructions sudoers, it's best to upgrade to sudo 1.8.28 or later as soon as possible.