ArchLinux: 201910-9: sudo: privilege escalation

    Date: 16 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package sudo before version 1.8.28-1 is vulnerable to privilege escalation.
    Arch Linux Security Advisory ASA-201910-9
    =========================================
    
    Severity: High
    Date    : 2019-10-16
    CVE-ID  : CVE-2019-14287
    Package : sudo
    Type    : privilege escalation
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1047
    
    Summary
    =======
    
    The package sudo before version 1.8.28-1 is vulnerable to privilege
    escalation.
    
    Resolution
    ==========
    
    Upgrade to 1.8.28-1.
    
    # pacman -Syu "sudo>=1.8.28-1"
    
    The problem has been fixed upstream in version 1.8.28.
    
    Workaround
    ==========
    
    This vulnerability only affects configurations of sudo that have a
    runas user list that includes an exclusion of root. The simplest
    example is:
    
        someuser ALL=(ALL, !root) /usr/bin/somecommand
    
    The exclusion is specified using an exclamation mark (!). In this
    example, the "root" user is specified by name. The root user may also
    be identified in other ways, such as by user id:
    
        someuser ALL=(ALL, !#0) /usr/bin/somecommand
    
    or by reference to a runas alias:
    
        Runas_Alias MYGROUP = root, adminuser
        someuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand
    
    To ensure your sudoers configuration is not affected by this
    vulnerability, we recommend examining each sudoers entry that includes
    the `!` character in the runas specification, to ensure that the root
    user is not among the exclusions. These can be found in the
    /etc/sudoers file or files under /etc/sudoers.d.
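
    One way to automate that review, as an added example that is not part of the advisory or of sudo: the script below flags rules whose runas user list negates root by name, by user id, or through a Runas_Alias. The function names and the sample sudoers text are constructed for illustration, and the parsing is a simplification of the sudoers grammar.

```python
import re

# Constructed sample sudoers text for illustration (not from a real host).
SAMPLE = """\
Runas_Alias MYGROUP = root, adminuser
Runas_Alias OPS = deploy, backup
alice ALL=(ALL, !root) /usr/bin/somecommand
bob   ALL=(ALL, !#0) /usr/bin/somecommand
carol ALL=(ALL, !MYGROUP) /usr/bin/somecommand
dave  ALL=(ALL, !OPS) /usr/bin/somecommand
erin  ALL=(root) /usr/bin/somecommand
"""

def parse_aliases(lines):
    """Map each Runas_Alias name to its list of members."""
    aliases = {}
    for line in lines:
        m = re.match(r"\s*Runas_Alias\s+(.*)", line)
        if m:
            for part in m.group(1).split(":"):      # "A = x, y : B = z"
                name, _, members = part.partition("=")
                aliases[name.strip()] = [t.strip() for t in members.split(",")]
    return aliases

def names_root(token, aliases, seen=()):
    """True if token is root, a numeric uid of 0, or an alias that contains root."""
    token = token.strip().lstrip("!").strip()
    if token in aliases and token not in seen:      # 'seen' guards against alias loops
        return any(names_root(t, aliases, seen + (token,)) for t in aliases[token])
    return token == "root" or re.fullmatch(r"#0+", token) is not None

def find_root_exclusions(text):
    """Return the rules whose runas user list contains a negated root entry."""
    # Join backslash-continued lines; skip blanks and comments ("#123" is a uid).
    lines = [l for l in re.sub(r"\\\n", " ", text).splitlines()
             if l.strip() and not re.match(r"\s*#(?!\d)", l)]
    aliases = parse_aliases(lines)
    hits = []
    for line in lines:
        if re.match(r"\s*(Defaults|\w+_Alias)\b", line):
            continue                                # settings and aliases are not rules
        for spec in re.findall(r"\(([^)]*)\)", line):
            users = spec.split(":")[0].split(",")   # drop the runas group list
            if any(u.strip().startswith("!") and names_root(u, aliases) for u in users):
                hits.append(line.strip())
                break
    return hits

if __name__ == "__main__":
    print("\n".join("review: " + rule for rule in find_root_exclusions(SAMPLE)))
```

    To audit a host, pass the function the concatenated contents of /etc/sudoers and the files under /etc/sudoers.d, so that aliases defined in one file resolve in another.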
    
    Description
    ===========
    
    A flaw was found in the way sudo prior to 1.8.28 implemented running
    commands with arbitrary user ID. If a sudoers entry is written to allow
    the attacker to run a command as any user except root, this flaw can be
    used by the attacker to bypass that restriction.
    
    Impact
    ======
    
    A local attacker is able to gain root privileges when sudo is
    configured to have a runas user list that includes an exclusion of
    root.
    
    References
    ==========
    
    https://www.sudo.ws/alerts/minus_1_uid.html
    https://www.sudo.ws/repos/sudo/rev/83db8dba09e7
    https://security.archlinux.org/CVE-2019-14287
    
    