
Linux security hole: Much sudo about nothing

Filed under
Linux
Security

There's a lot of hubbub out there now about a security hole in the Unix/Linux family's sudo command. Sudo is the command that enables normal users to run commands as if they were the root user, aka the system administrator. While this sudo security vulnerability is a real problem and needs patching, it's not nearly as bad as some people make it out to be.

At first glance the problem looks like a bad one. With it, a user who is allowed to use sudo to run commands as any other user, except root, can still use it to run root commands. For this to happen, several things must be set up just wrong.

First, the sudo user group must give a user the right to use sudo without giving the privilege of using it to run root commands. That can happen when you want a user to have the right to run specific commands that they wouldn't normally be able to use. Next, sudo must be configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification.


Potential bypass of Runas user restrictions

  • Potential bypass of Runas user restrictions

    When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

    This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

    Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
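The advisory text above names two things a defender can look for directly: the sudoers pattern that exposes a system (ALL listed first in a Runas specification, root negated after it) and the way a bypassed command is recorded in the log (target user 4294967295 instead of root). The Python below is an added example, not code from the advisory or the sudo project. The sudoers excerpt and the log lines in it are constructed for the example, and the simplified sudoers grammar it parses (one rule per line, the Runas list in parentheses) is an assumption, not sudo's full parser.

```python
"""Audit helpers for the CVE-2019-14287 sudo Runas bypass (added example).

Two defender-side checks taken from the sudo advisory:
  1. find_risky_runas():   flag sudoers rules whose Runas list starts with ALL
                           and then negates root, e.g. (ALL, !root).
  2. find_bypass_in_log(): find sudo log entries whose target user is recorded
                           as 4294967295 (or -1), which the advisory says is how
                           a bypassed command is logged instead of "root".
All sample data below is constructed for this example.
"""
import re

UID_MAX = 0xFFFFFFFF                 # uid_t is a 32-bit unsigned integer on Linux
BYPASS_UIDS = {"-1", str(UID_MAX)}   # the two spellings the advisory gives: -1 and 4294967295


def uid_as_uint32(uid: int) -> int:
    """Show why -1 and 4294967295 name the same uid_t value."""
    return uid & UID_MAX


# Simplified sudoers rule: <user> <host>=(<runas>) <commands>   (assumption: one rule per line)
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmds>.*)$"
)


def parse_runas_users(runas: str) -> list[str]:
    """Return the user part of a Runas spec '(users : groups)' as a list."""
    users = runas.split(":", 1)[0]
    return [u.strip() for u in users.split(",") if u.strip()]


def find_risky_runas(sudoers_text: str) -> list[dict]:
    """Flag rules of the form (ALL, ..., !root) that CVE-2019-14287 bypasses."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue                      # skip blanks, comments and Defaults lines
        m = RULE_RE.match(line)
        if not m:
            continue                      # not a rule this simplified grammar understands
        users = parse_runas_users(m.group("runas"))
        # Exposed only when ALL comes first and root (by name or uid 0) is negated later.
        if users and users[0].upper() == "ALL" and any(
            u.lower() in ("!root", "!#0") for u in users[1:]
        ):
            findings.append(
                {"line": lineno, "who": m.group("who"), "runas": users, "cmds": m.group("cmds")}
            )
    return findings


# Standard sudo syslog layout: "... USER=<target> ; COMMAND=..."
LOG_USER_RE = re.compile(r"\bUSER=(?P<target>\S+)\s*;")


def find_bypass_in_log(log_text: str) -> list[str]:
    """Return sudo log lines whose target user is the wrapped-around uid."""
    hits = []
    for line in log_text.splitlines():
        if "sudo" not in line:
            continue
        m = LOG_USER_RE.search(line)
        if m and m.group("target") in BYPASS_UIDS:
            hits.append(line)
    return hits


# Constructed sudoers excerpt: only alice's rule has the vulnerable shape.
SAMPLE_SUDOERS = """\
# constructed sudoers excerpt for the example
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
alice       myhost=(ALL, !root) /usr/bin/vim
bob         ALL=(www-data, postgres) /usr/bin/systemctl restart nginx
carol       ALL=(ALL) ALL
"""

# Constructed sudo log lines: the second one is what a bypass looks like per the advisory.
SAMPLE_LOG = """\
Oct 15 09:12:01 myhost sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=www-data ; COMMAND=/usr/bin/systemctl restart nginx
Oct 15 09:13:44 myhost sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=4294967295 ; COMMAND=/usr/bin/vim /tmp/notes
Oct 15 09:14:02 myhost sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt update
"""

if __name__ == "__main__":
    print("uid -1 as uid_t:", uid_as_uint32(-1))
    for f in find_risky_runas(SAMPLE_SUDOERS):
        print(f"sudoers line {f['line']}: {f['who']} may run {f['cmds']} as {f['runas']}")
    for hit in find_bypass_in_log(SAMPLE_LOG):
        print("suspicious log entry:", hit)
```

The log check is the more useful of the two after patching: a rule of the flagged shape is only a problem on an unpatched sudo, but a historical log entry with target user 4294967295 records a bypass that already happened, and the advisory also notes that PAM session modules did not run for that command.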

Linux Sudo bug opens root access to unauthorized users

  • Linux Sudo bug opens root access to unauthorized users

    Sudo, the main command in Linux that allows users to run tasks, has been found to have a vulnerability that allows unauthorized users to execute commands as a root user.

    The vulnerability, known as CVE-2019-14287, does require a nonstandard configuration but nonetheless does open the door to unauthorized users.

    The vulnerability allows users to bypass the nonroot restriction by simply using -u#-1 in the command line. As The Hacker News described it Monday, the sudo security policy bypass issue allows “a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the ‘sudoers configuration’ explicitly disallows the root access.”

More Sudo Coverage

  • One of Linux's most important commands had a glaring security flaw
  • Sudo Vulnerability

    ‘sudo’ is one of the most useful Linux/UNIX commands, allowing users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in the sudo package that gives users root privileges.

    “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

  • Linux/Unix exploit allows some restricted commands to be run as root without clearance

    The 'sudo' keyword in Unix and Linux allows users to execute certain commands with special-access privileges that cannot otherwise run on a given machine by a user with a lower level of clearance. Unsurprisingly, it is one of the most important commands in the entire Linux/Unix ecosystem, one that can substantially compromise the device's security if it is exploited.

    One such exploit/bug was discovered by Joe Vennix from Apple Information Security. The vulnerability has been titled CVE-2019-14287 in the Common Vulnerabilities and Exposures database. As stated before, 'sudo' lets you run commands that cannot otherwise be run by normal users on the machine. With CVE-2019-14287, you could circumvent this by simply changing the user ID to -1 or 4294967295 with the 'sudo' command. That means that by spoofing their identity, any user could execute restricted commands on the machine.

Big security flaw in Linux sudo command

  • Big security flaw in Linux sudo command

    Apple security researcher Joe Vennix has found a security bug in the important sudo command in Linux.

    The sudo command, which is short for “super user do”, is widely used in various Linux distributions to separate administrator-level permissions from ordinary system users.

    When installing programs, for instance, you would typically use the sudo command. Using sudo in front of any command or program causes it to be run as the administrator, or “root” user.

Security Flaw in Sudo...

  • Security Flaw in Sudo allows Users to Run Commands on Linux Systems

    Security researchers discovered a security bypass vulnerability in one of the most widely used Linux commands, Sudo.

    According to researcher Joe Vennix, who discovered the vulnerability, the Sudo security bypass flaw can allow a malicious user to run arbitrary commands as root on a targeted Linux system. The researcher stated the vulnerability, named CVE-2019-14287, works even when the Sudoers configuration forbids root access.

    Sudo, which stands for Superuser Do, is one of the most important and commonly used utilities that comes as a core command, installed on almost every UNIX and Linux-based operating system.

'Serious' Linux Sudo Bug's Damage Potential

  • 'Serious' Linux Sudo Bug's Damage Potential Actually May Be Small

    Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed.

    The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, software developer and senior engineer at Quest Software and a maintainer of the open source Sudo project.

    "Most Sudo configurations are not affected by the bug. Non-enterprise home users are unlikely to be affected at all," he told LinuxInsider.

Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root

More Linux Bugs

  • Linux Sudo bug could allow hackers root access

    Security researchers have discovered a bug in Sudo that enables hackers to execute commands as root on a Linux system when the "sudoers configuration" explicitly disallows root access.

    Sudo is a powerful utility that is installed on virtually every Unix and Linux system; it enables certain users or groups to execute commands in the context of any other user – including as root – without having to log in as a different user.

    Exploiting the vulnerability requires the user to have Sudo privileges that allow them to run commands with an arbitrary user ID, except root. This vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database.

  • Linux Wi-Fi bug leaves systems vulnerable to forced crashes and full control by hackers

    A vulnerability has been discovered in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips on Linux systems. A flaw in the driver could be exploited to either crash your device or even allow an attacker to take full control of your system.

    The bug has been around for at least four years, and is described as 'serious' by security experts. It has been assigned CVE-2019-17666, and while a fix has been proposed, it's yet to be incorporated into the Linux kernel.

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

  • Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

    A critical Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A fix has been proposed but has not yet been incorporated into the Linux kernel.

    The flaw (CVE-2019-17666), which was classified as critical in severity, exists in the “rtlwifi” driver, which is a software component used to allow certain Realtek Wi-Fi modules, used in Linux devices, to communicate with the Linux operating system.

    Specifically, the driver is vulnerable to a buffer overflow attack, where a buffer (a region in physical memory storage used to temporarily store data while it is being moved) is allocated in the heap portion of memory (a region of process’s memory which is used to store dynamic variables). That excess data in turn corrupts nearby space in memory and could alter other data, opening the door for malicious attacks. This specific flaw could enable attackers to launch a variety of attacks – from crashing vulnerable Linux machines to full takeover.

"Driver checks whether the card is currently connected in p2p"

  • This Week In Security: A Digital Café Américain, The Linux Bugs That Weren't, The Great Nation, And More

    A problem in sudo was disclosed this week that allowed users to run commands as root even when they don’t have permission to do so. Sudo allows a user to specify a numeric user ID instead of a username. It was discovered that specifying -1 as the user did something unexpected: it failed. Trying to switch to user -1 fails, but sudo runs the rest of the command anyway, as root instead of user -1. I was excited to test this simple vulnerability on a slightly out-of-date system. I created an unprivileged user, ran the sudo command, and got the expected security error, but no root access.

    [...]

    In some ways a similar story, a problem in the Linux Kernel’s Realtek driver was found on Monday. At first glance, it’s another terrifying vulnerability that affects every Linux user with a Realtek wireless card. It appears to be a standard buffer overflow, where the length of a field is checked in one way, but not checked to be under the maximum length. A longer than expected data field will overflow the buffer and cause problems. A code execution exploit has not yet been discovered, but it’s likely to be eventually found.

    The catch with this bug is that before the vulnerable code is called, the driver checks whether the card is currently connected in p2p mode. Here’s the check in question if you’re interested. This means that rather than being vulnerable to attack any time your Realtek is powered on, you aren’t actually at risk unless you’re talking to another device using the p2p WiFi mode. In all the Linux WiFi work I’ve done over the years, I don’t think I’ve ever used p2p mode on a wireless card under Linux.

  • A Linux Bug Can Be Exploited To Hack Systems Using Wi-Fi Signals

    An unpatched bug in Linux systems could be exploited to crash the entire operating system or, even worse, to gain control of the system via nearby devices using Wi-Fi signals.

    The flaw stems from the RTLWIFI driver that supports Realtek Wi-Fi chips in Linux systems. The driver flaw can be activated as soon as the affected device is brought under the radio range of a malicious device.

  • Unpaired Linux bug can open devices for serious attacks via Wi-Fi

    The vulnerability is tracked as CVE-2019-17666. Linux developers suggested a fix on Wednesday that is likely to be included in the OS kernel in the coming days or weeks. Only then will the fix find its way to various Linux distributions.

    [...]

    The article notes that the error "cannot be activated if Wi-Fi is disabled or if the device uses a Wi-Fi chip from another manufacturer."

Patch Awaited For A Critical Four-Year-Old Linux WiFi...

  • Patch Awaited For A Critical Four-Year-Old Linux WiFi Vulnerability

    Linux users unknowingly remained vulnerable to a serious security flaw for almost four years. Recently, a researcher highlighted a critical Linux WiFi vulnerability that could allow system compromise. The bug existed for four years and still awaits a patch.

    Reportedly, there is a security vulnerability affecting millions of Linux users. The vulnerability primarily affects the Realtek driver (rtlwifi) allowing an adversary to compromise the targeted system. As discovered by the researcher Nico Waisman, the Linux WiFi vulnerability existed for about four years.

Linux Could Open The Door To Serious Attacks Over Wifi Signals

  • Linux Could Open The Door To Serious Attacks Over Wifi Signals

    A potentially severe vulnerability in Linux might make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.

    The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain full control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel, released in 2013.

    The vulnerability is tracked as CVE-2019-17666. Linux developers proposed a fix that will likely be included in the OS kernel within the coming days or weeks. Only after that can the repair make its way into various Linux distributions.

More of this FUD

  • Linux Could Open The Door To Serious Attacks Over Wifi Signals [Ed: This FUD came from a Microsoft employee and was initially spread by a site where Microsoft employed convicted people to attack Linux and FOSS. This is false. It’s FUD. Nobody enables P2P mode. Almost nobody.]
