
Linux security hole: Much sudo about nothing

Filed under
Linux
Security

There's a lot of hubbub out there now about a security hole in the Unix/Linux family's sudo command. Sudo is the command which enables normal users to run commands as if they were the root user, aka the system administrator. While this sudo security vulnerability is a real problem and needs patching, it's not nearly as bad as some people make it out to be.

At first glance the problem looks like a bad one. With it, a user who is allowed to use sudo to run commands as any other user, except root, can still use it to run root commands. For this to happen, several things must be set up just wrong.

First, the sudo user group must give a user the right to use sudo but not the privilege of using it to run root commands. That can happen when you want a user to have the right to run specific commands that they wouldn't normally be able to use. Next, sudo must be configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification.

Potential bypass of Runas user restrictions

  • Potential bypass of Runas user restrictions

    When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

    This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

    Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
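The advisory above gives a defender two concrete handles: the sudoers Runas pattern that is affected (ALL listed first, root then excluded) and the tell-tale target user 4294967295 that ends up in the log. The following script is an added example, not part of the advisory or the sudo project, that audits constructed sudoers lines for that pattern and scans constructed sudo syslog lines for that uid; it also shows why -1 and 4294967295 are the same value once stored in a 32-bit uid_t. The `USER=#uid` log field layout and the sample lines are assumptions made for the example.

```python
"""
Added example (not sudo project code): audit sudoers Runas specs for the
pattern CVE-2019-14287 applies to, and flag sudo log lines that carry the
numeric target uid the advisory describes. All inputs below are constructed.
"""
import re

UID_MAX32 = 0xFFFFFFFF  # largest value a 32-bit uid_t can hold: 4294967295


def uid_as_unsigned(text):
    """Store a numeric uid the way a 32-bit uid_t would.
    '-1' wraps to 4294967295, which is why the advisory names both values."""
    return int(text) & UID_MAX32


# user  host=(runas_users[:runas_groups]) command   (sudoers user spec)
RUNAS_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*(.*)$")
# A '#' starts a comment unless it is directly followed by a digit ('#0' is uid 0)
COMMENT_RE = re.compile(r"(^|\s)#(?!\d).*$")


def parse_runas(line):
    """Return (user, host, [runas users], command) for a sudoers user spec
    with an explicit Runas list, else None (comments, Defaults, aliases, or
    specs without a Runas list, which default to root and are not this bug)."""
    stripped = COMMENT_RE.sub("", line).strip()
    if not stripped or stripped.startswith(
        ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
    ):
        return None
    m = RUNAS_RE.match(stripped)
    if not m:
        return None
    user, host, runas, cmd = m.groups()
    # Only the user part before ':' matters; groups are a separate list
    runas_users = [u.strip() for u in runas.split(":")[0].split(",") if u.strip()]
    return user, host, runas_users, cmd.strip()


def affected_by_cve_2019_14287(line):
    """True when ALL is the first Runas entry and root is then excluded,
    e.g. '(ALL, !root)'. A plain '(ALL)' already grants root, so there is
    nothing to bypass there, and an explicit allowlist is not affected."""
    parsed = parse_runas(line)
    if parsed is None:
        return False
    runas_users = parsed[2]
    if not runas_users or runas_users[0] != "ALL":
        return False
    return any(u in ("!root", "!#0") for u in runas_users[1:])


def audit_sudoers(text):
    """Names of users whose Runas spec matches the bypassable pattern."""
    return [parse_runas(l)[0] for l in text.splitlines() if affected_by_cve_2019_14287(l)]


LOG_USER_RE = re.compile(r"\bUSER=#?(-?\d+)\b")  # assumed sudo syslog field layout


def suspicious_target_uid(log_line):
    """True when the logged target user is 4294967295 (or -1 before the wrap),
    the value the advisory says the bypass leaves in the log instead of root."""
    m = LOG_USER_RE.search(log_line)
    return bool(m) and uid_as_unsigned(m.group(1)) == UID_MAX32


def flag_log_lines(lines):
    return [l for l in lines if suspicious_target_uid(l)]


# Constructed sample inputs (not from any real system)
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
bob     ALL=(ALL, !root) /usr/bin/vim            # bypassable: ALL first, root excluded
alice   ALL=(www-data, postgres) /usr/bin/systemctl   # explicit allowlist, not affected
carol   ALL=(ALL) ALL                            # already root-capable, nothing to bypass
eve     ALL=(ALL, !#0) /bin/ls                   # same pattern written with uid 0
"""

SAMPLE_LOG = [
    "Oct 14 10:21:03 host sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=#4294967295 ; COMMAND=/usr/bin/vim /etc/shadow",
    "Oct 14 10:22:11 host sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=postgres ; COMMAND=/usr/bin/systemctl status",
    "Oct 14 10:23:45 host sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=#-1 ; COMMAND=/usr/bin/id",
]

if __name__ == "__main__":
    for user in audit_sudoers(SAMPLE_SUDOERS):
        print(f"sudoers: {user}: ALL-first Runas list with root excluded; "
              "patch sudo and replace it with an explicit list of target users")
    for line in flag_log_lines(SAMPLE_LOG):
        print("log: target uid 4294967295/-1 recorded:", line)
```

Two design points: the comment stripper must not treat `#0` as a comment, because sudoers uses `#uid` for numeric users and `(ALL, !#0)` is the same exclusion as `(ALL, !root)`; and the log check normalises through `uid_as_unsigned` so that a log written with `-1` and one written with `4294967295` are caught by the same test. The remediation is the one the advisory implies: patch sudo, and where a Runas list was meant to say "anyone but root", list the permitted target users explicitly instead.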

Linux Sudo bug opens root access to unauthorized users

  • Linux Sudo bug opens root access to unauthorized users

    Sudo, the main command in Linux that allows users to run tasks, has been found to have a vulnerability that allows unauthorized users to execute commands as a root user.

    The vulnerability, known as CVE-2019-14287, does require a nonstandard configuration but nonetheless does open the door to unauthorized users.

    The vulnerability allows users to bypass the nonroot restriction by simply using -u#-1 in the command line. As The Hacker News described it Monday, the sudo security policy bypass issue allows “a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the ‘sudoers configuration’ explicitly disallows the root access.”

More Sudo Coverage

  • One of Linux's most important commands had a glaring security flaw
  • Sudo Vulnerability

    ‘sudo’ is one of the most useful Linux/UNIX commands that allows users without root privileges to manage administrative tasks. However, a new vulnerability was discovered in the sudo package that gives users root privileges.

    “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295,” according to the sudo advisory.

  • Linux/Unix exploit allows some restricted commands to be run as root without clearance

    The 'sudo' keyword in Unix and Linux allows users to execute certain commands with special-access privileges that cannot otherwise run on a given machine by a user with a lower level of clearance. Unsurprisingly, it is one of the most important commands in the entire Linux/Unix ecosystem, one that can substantially compromise the device's security if it is exploited.

    One such exploit/bug was discovered by Joe Vennix from Apple Information Security. The vulnerability has been titled CVE-2019-14287 in the Common Vulnerabilities and Exposure database. As stated before, 'sudo' lets you run commands that cannot otherwise be run by normal users on the machine. With CVE-2019-14287, you could circumvent this by simply changing the user ID to -1 or 4294967295 with the 'sudo' command. That means that by spoofing their identity, any user could execute restricted commands on the machine.

Big security flaw in Linux sudo command

  • Big security flaw in Linux sudo command

    Apple security researcher Joe Vennix has found a security bug in the important sudo command in Linux.

    The sudo command, which is short for “super user do”, is widely used in various Linux distributions to separate administrator-level permissions from ordinary system users.

    When installing programs, for instance, you would typically use the sudo command. Using sudo in front of any command or program causes it to be run as the administrator, or “root” user.

Security Flaw in Sudo...

  • Security Flaw in Sudo allows Users to Run Commands on Linux Systems

    Security researchers discovered a security bypass vulnerability in one of the most widely used Linux commands, the Sudo.

    According to researcher Joe Vennix, who discovered the vulnerability, the Sudo security bypass flaw can allow a malicious user to run random commands as root on a targeted Linux system. The researcher stated the vulnerability, named CVE-2019-14287, works even when the Sudoers configuration forbids root access.

    Sudo, which stands for Superuser Do, is one of the most important and commonly used utilities that comes as a core command, installed on almost every UNIX and Linux-based operating system.

'Serious' Linux Sudo Bug's Damage Potential

  • 'Serious' Linux Sudo Bug's Damage Potential Actually May Be Small

    Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed.

    The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, software developer and senior engineer at Quest Software and a maintainer of the open source Sudo project.

    "Most Sudo configurations are not affected by the bug. Non-enterprise home users are unlikely to be affected at all," he told LinuxInsider.

Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root

More Linux Bug

  • Linux Sudo bug could allow hackers root access

    Security researchers have discovered a bug in Sudo that enables hackers to execute commands as root on a Linux system when the "sudoers configuration" explicitly disallows the root access.

    Sudo is a powerful utility that is installed on virtually every Unix and Linux system; it enables certain users or groups to execute commands in the context of any other user – including as root – without having to log in as a different user.

    Exploiting the vulnerability requires the user to have Sudo privileges that allow them to run commands with an arbitrary user ID, except root. This vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database.

  • Linux Wi-Fi bug leaves systems vulnerable to forced crashes and full control by hackers

    A vulnerability has been discovered in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips on Linux systems. A flaw in the driver could be exploited to either crash your device, or even allow an attacker to take full control of your system.

    The bug has been around for at least four years, and is described as 'serious' by security experts. It has been assigned CVE-2019-17666, and while a fix has been proposed, it's yet to be incorporated into the Linux kernel.

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

  • Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

    A critical Linux bug has been discovered that could allow attackers to fully compromise vulnerable machines. A fix has been proposed but has not yet been incorporated into the Linux kernel.

    The flaw (CVE-2019-17666), which was classified as critical in severity, exists in the “rtlwifi” driver, which is a software component used to allow certain Realtek Wi-Fi modules, used in Linux devices, to communicate with the Linux operating system.

    Specifically, the driver is vulnerable to a buffer overflow attack, where a buffer (a region in physical memory storage used to temporarily store data while it is being moved) is allocated in the heap portion of memory (a region of process’s memory which is used to store dynamic variables). That excess data in turn corrupts nearby space in memory and could alter other data, opening the door for malicious attacks. This specific flaw could enable attackers to launch a variety of attacks – from crashing vulnerable Linux machines to full takeover.

"Driver checks whether the card is currently connected in p2p"

  • This Week In Security: A Digital Café Américain, The Linux Bugs That Weren't, The Great Nation, And More

    A problem in sudo was disclosed this week, that allowed users to run commands as root even when they don’t have permission to do so. Sudo allows a user to specify a numeric user ID instead of a username. It was discovered that specifying -1 as the user did something unexpected: it failed. Trying to switch to user -1 fails, but sudo runs the rest of the command anyway, as root instead of user -1. I was excited to test this simple vulnerability on a slightly out-of-date system. I created an unprivileged user, ran the sudo command, and got the expected security error, but no root access.

    [...]

    In some ways a similar story, a problem in the Linux Kernel’s Realtek driver was found on Monday. At first glance, it’s another terrifying vulnerability that affects every Linux user with a Realtek wireless card. It appears to be a standard buffer overflow, where the length of a field is checked in one way, but not checked to be under the maximum length. A longer than expected data field will overflow the buffer and cause problems. A code execution exploit has not yet been discovered, but it’s likely to be eventually found.

    The catch with this bug is that before the vulnerable code is called, the driver checks whether the card is currently connected in p2p mode. Here’s the check in question if you’re interested. This means that rather than being vulnerable to attack any time your Realtek is powered on, you aren’t actually at risk unless you’re talking to another device using the p2p WiFi mode. In all the Linux WiFi work I’ve done over the years, I don’t think I’ve ever used p2p mode on a wireless card under Linux.

  • A Linux Bug Can Be Exploited To Hack Systems Using Wi-Fi Signals

    An unpatched bug in Linux systems could be exploited to crash the entire operating system or, even worse, to gain control of the system via nearby devices using Wi-Fi signals.

    The flaw stems from the RTLWIFI driver that supports Realtek Wi-Fi chips in Linux systems. The driver flaw can be activated as soon as the affected device is brought under the radio range of a malicious device.

  • Unpaired Linux bug can open devices for serious attacks via Wi-Fi

    The vulnerability is tracked as CVE-2019-17666. Linux developers suggested a fix on Wednesday that is likely to be included in the OS kernel in the coming days or weeks. Only then will the fix find its way to various Linux distributions.

    [...]

    The article notes that the error "cannot be activated if Wi-Fi is disabled or if the device uses a Wi-Fi chip from another manufacturer."

Patch Awaited For A Critical Four-Year-Old Linux WiFi...

  • Patch Awaited For A Critical Four-Year-Old Linux WiFi Vulnerability

    Linux users unknowingly remained vulnerable to a serious security flaw for almost four years. Recently, a researcher highlighted a critical Linux WiFi vulnerability that could allow system compromise. The bug existed for four years and still awaits a patch.

    Reportedly, there is a security vulnerability affecting millions of Linux users. The vulnerability primarily affects the Realtek driver (rtlwifi) allowing an adversary to compromise the targeted system. As discovered by the researcher Nico Waisman, the Linux WiFi vulnerability existed for about four years.

Linux Could Open The Door To Serious Attacks Over Wifi Signals

  • Linux Could Open The Door To Serious Attacks Over Wifi Signals

    A potentially severe vulnerability in Linux might make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.

    The flaw is situated within the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly permit a hacker to achieve full control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel, released in 2013.

    The vulnerability is tracked as CVE-2019-17666. Linux developers proposed a fix that will likely be included in the OS kernel within the coming days or weeks. Only after that can the fix make its way into various Linux distributions.

More of this FUD

  • Linux Could Open The Door To Serious Attacks Over Wifi Signals [Ed: This FUD came from a Microsoft employee and was initially spread by a site where Microsoft employed convicted people to attack Linux and FOSS. This is false. It’s FUD. Nobody enables P2P mode. Almost nobody.]

    A potentially severe vulnerability in Linux might make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.
