Jump to content
Report any bug Read more... ×
We're hiring! We are accepting applications for Developers, Teachers, Redactors and Junior Moderators. Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...

Create an account on our board

or login and enjoy all the possibilities

Existing user? Sign In

Sign In



Sign Up

Learn Or Teach

You can learn computer security by practicing in the Dashboard, you can also be taught by a teacher. Or You can teach community members regardless of your specialty, and earn points for each person!

Learn or Teach

The Challenges

The new Challenges page is here. Take advantage of several vulnerable web applications to help train you such as, DVWA, XVWA, Mutillidae. You can also launch an existing or custom virtual machine.

Play Now !

Collaboration Room

The first categories of the forum are rooms that you can create or join in order to participate in events with the other members of the community. You can also create your room to make a teaching request, or attend your teacher's presentation. In this room you can create a private forum, store your information, invite other people etc.

Create Room

Create your club

You can create a club with your friends, earn points in teams. Creating a club gives you access to a team space. There you will have a private forum where you can store files, share information etc. Invite your friends and play together!

Create yours now!

VIP

Several VIP packs are available, understand that the survival of this site depends on it. Of course you can buy this pack with your points won during events. Formulas: Vip Member Vip Teacher Vip student

Buy
News
  • For new users read this
  • Challenges
  • for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
  • The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.
Sign in to follow this  
Ichinose

CVE-2019-14287 sudo vulnerability

Recommended Posts

What is the sudo vulnerability ?

So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ?

as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER   $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo"btw it's the most secure way to access to the /etc/sudoers file, 

this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, 

all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it.

what can you do by exploiting this vulnerability:

-bypass root password to execute arbitrary command.

-bypass command restriction, (e.g: if a user is configured as "sergent   ALL=(ALL, !root) /usr/bin/passwd"  in the sudoers file,  he can still change he's password + as root).

How to exploit this vulnerability ?

To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable.

to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID,

if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid.

How to prevent/fix it ?

The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER   $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore.

 

leave a like it buddy :classic_biggrin:

 

 

 

Edited by Ichinose

Share this post


Link to post
Share on other sites
Sign in to follow this  

×