Re: [PLUG] Sudo flaw

JP Vossen via plug on 14 Oct 2019 17:04:23 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Sudo flaw

From: JP Vossen via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Sudo flaw
Date: Mon, 14 Oct 2019 20:04:18 -0400
Reply-to: JP Vossen <jp@jpsdomain.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

On 10/14/19 7:58 PM, Joe Rosato via plug wrote:

The Hacker News (@TheHackersNews) tweeted at 2:32 PM on Mon, Oct 14, 2019:
🔥 CVE-2019-14287
A flaw in Sudo—that comes installed on almost every #Linux OS—could letusers run commands as "root" even when they're restricted.
Details ➤ https://t.co/NeFvITBR73
How? Just by specifying user ID "-1" or "4294967295" in the commandinstead of the root. https://t.co/zlvC7PSYrI
(https://twitter.com/TheHackersNews/status/1183812855612596225?s=03)


Yeah, nice one.  `sudo -u#-1`  More:
* http://www.theregister.co.uk/2019/10/14/linux_sudo_security_bug/

*https://linux.slashdot.org/story/19/10/14/2231235/flaw-in-sudo-enables-non-privileged-users-to-run-commands-as-root


Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Sudo flaw
  - From: prushik--- via plug <plug@lists.phillylinux.org>

References:
- [PLUG] Sudo flaw
  - From: Joe Rosato via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] Sudo flaw
Next by Date: Re: [PLUG] Sudo flaw
Previous by thread: [PLUG] Sudo flaw
Next by thread: Re: [PLUG] Sudo flaw
Index(es):
- Date
- Thread