Ichinose

CVE-2019-14287 sudo vulnerability


What is the sudo vulnerability?

So the sudo vulnerability (CVE-2019-14287) is pretty well known. But what is it exactly?

As we all know, the sudo command can be used to execute commands as root (not all commands), and if a user is configured as "$USER   $HOSTNAME=(ALL, !root) ALL" (it basically means that the user can run any command as any user except root) in the sudoers file in /etc/, or by running "sudo visudo" (by the way, it's the most secure way to access the /etc/sudoers file),

this user can use the sudo command as another user with the "-u..." parameter. And here is the vulnerability.

By default, all users can see the /etc/passwd file, which contains all the users and their UIDs (user IDs) in the 3rd ":"-separated field, so with that information we can now exploit it.

What you can do by exploiting this vulnerability:

- Bypass the root password to execute arbitrary commands.

- Bypass command restrictions (e.g. if a user is configured as "sergent   ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change his password + as root).

How to exploit this vulnerability?

To see if the target is vulnerable, check the sudo version (sudo -V | grep -i "sudo version"); if the version is under 1.8.28, the target is vulnerable.

To exploit it, you have to use the "sudo" command with an invalid user. If you write "sudo -uinvaliduser cat /etc/shadow" it will print an error, so that's why we use the UID.

If we now write "sudo -u#-1 cat /etc/shadow", there is no user with the UID -1, and it will let us execute the cat command because the user -1 is invalid.

How to prevent/fix it?

The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if you still see a version lower than 1.8.28 when you run sudo -V | grep -i "sudo version", try sudo apt-get upgrade sudo. The last (hypothetical) option is to configure the user like this: "$USER   $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo", but then the user won't be able to use sudo anymore.

 

leave a like buddy :classic_biggrin:

 

 

 

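A defensive audit of the two conditions the post describes, as an added example that is not part of the original post: it flags sudoers rules whose Runas list combines ALL with an exclusion of root, and compares a "sudo -V" string against 1.8.28. The function names and the sample sudoers lines (apart from the "sergent" rule quoted in the post) are constructed for illustration; line continuations and Runas_Alias expansion are assumed absent.

```python
import re

FIXED = (1, 8, 28)  # per the post: versions under 1.8.28 are vulnerable
RUNAS = re.compile(r"=\s*\(([^)]*)\)")  # the "(...)" Runas spec after "host="

# Constructed sample sudoers content, not taken from a real host.
SAMPLE = """\
# constructed sample
root    ALL=(ALL:ALL) ALL
sergent ALL=(ALL, !root) /usr/bin/passwd
backup  ALL=(postgres) /usr/bin/pg_dump
deploy  web01=(ALL,!#0) ALL
"""

def version_is_vulnerable(sudo_v_output):
    """True if the 'Sudo version X.Y.Z[pN]' line reports a release below 1.8.28."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", sudo_v_output, re.I)
    if m is None:
        raise ValueError("no 'Sudo version' line in input")
    return tuple(map(int, m.groups())) < FIXED

def excludes_root_from_all(runas):
    """True for a Runas user list that has ALL plus a negated root (name or UID 0)."""
    users = ["".join(u.split()) for u in runas.split(":", 1)[0].split(",")]
    return "ALL" in users and any(u in ("!root", "!#0") for u in users)

def risky_rules(sudoers_text):
    """Return (line number, rule) for every rule relying on the (ALL, !root) pattern."""
    hits = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments/#include lines and Defaults settings.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        if any(excludes_root_from_all(r) for r in RUNAS.findall(line)):
            hits.append((lineno, line))
    return hits

if __name__ == "__main__":
    print("vulnerable version:", version_is_vulnerable("Sudo version 1.8.27"))
    for lineno, rule in risky_rules(SAMPLE):
        print(f"line {lineno}: {rule}")
```

Distribution packages often backport fixes without changing the upstream version string, so treat a version hit as a prompt to check the package changelog rather than as proof.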