Apple Researcher Finds Huge Flaw In Linux Sudo Command

(Image credit: Shutterstock)

Joe Vennix of Apple Information Security found a significant security vulnerability (CVE-2019-14287) in the Linux sudo utility that could have allowed other users to gain unauthorized administrative (“root”) privileges on a Linux machine.

The Sudo command allows specific users to gain administrative privileges on their own user account after they authenticate with the root account’s password. In the Linux world, root is similar to the default Windows Administrator account.

The researcher found that the ALL keyword, which normally allows root users to execute any command, could be used to bypass previously set restrictions for non-root users. Because of this vulnerability, non-root users or programs that were configured in the etc/sudoers file would also be able to run any root command and take over the system.

To exploit this bug, a malicious party would need to specify the user ID "-1" or "4294967295” when running the sudo account. This seems to be allowed by the system because the function that converts the user ID into real usernames treats the “-1” and "4294967295” as “0,” which is the user ID for the root user.

The vulnerability affects all sudo versions before version 1.8.28, which was released today. The update is also in the process of being delivered to various distros, so if you’re running Linux you may want to check your system for updates until the sudo utility gets the mentioned version or newer.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.