Mon. Jul 13th, 2020

Pentesting Fun Stuff

following the cyber security path…

Sudo Security Bypass

Sudo Security Bypass

Recently there was a big commotion about sudo or ‘superuser do‘. Apparently there was a flaw in this immense popular program which enables Linux users to create a more granular security structure on their operating system. Sudo gives the system admin the possibility to hand out permission and control which user can use what program and if they can act temporarily as root or NOT.

With the found flaw it is possible for a user to run the program even if the sysadmin had restricted this. To use this flaw it is important to remember that the user in question needs to have some sort of sudo permission. If the user has non sudo permission, there is no sudo to exploit! Also the flaw only exists in the sudo version prior to 1.8.28, because in this version the flaw is patched.

An example:

In the sudoers file there is a user (test). For this user it’s restricted to run /bin/bash as root.

This is how it normally behaves. The !root restriction in the sudoers file is doing its work.

But with the usage of the flaw, the user test just ran /bin/bash as root, making him: root!

Because I like to do CTF’s, I created a small script that checks if the sudo version is vulnerable and exploits the flaw with the given sudo permission.

The script can be found on my github page: https://github.com/n0w4n/CVE-2019-14287

Also…..don’t forget to update your Linux version!!! Happy hacking…

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.