- Welcome To Exploit Zone
- The kingdom of knowledge sharing in hacking
- New Updates ! Stay Tunned !
- Share your knowledge here !
- unlash your power on our challenges !
- Become a ninja in the Shadow !
Search the Community
Showing results for tags 'cve-2019-14287'.
Found 1 result
What is the sudo vulnerability ? So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ? as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo", btw it's the most secure way to access to the /etc/sudoers file, this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it. what can you do by exploiting this vulnerability: -bypass root password to execute arbitrary command. -bypass command restriction, (e.g: if a user is configured as "sergent ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change he's password + as root). How to exploit this vulnerability ? To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable. to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID, if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid. How to prevent/fix it ? The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore. leave a like buddy