此漏洞编号为 CVE-2019-14287 ,由 Apple Information Security 的 Joe Vennix 跟踪与发现。
🔥 CVE-2019-14287
A flaw in Sudo—that comes installed on almost every #Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://t.co/NeFvITBR73
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root. pic.twitter.com/zlvC7PSYrI
— The Hacker News (@TheHackersNews) October 14, 2019
该漏洞影响 Sudo v1.8.28 之前的所有版本,新版本 ( v1.8.28 ) 已修复,各大 Linux 发行版已于今日为用户下发修复更新。
触发前提
用户在 /etc/sudoers
中,配置 sudo 限制为 user = (ALL, !root) command
其中 只要执行者限定满足 ALL 条件即可提权至 root 用户
测试命令(两种均可)
sudo -u#-1 whoami sudo -u#4294967295 whoami