A flaw in sudo opens root access to Linux users
1 min readThe CVE-2019-14287 flaw exploits a bug in the sudo command line used in the vast majority of Linux systems but also Unix. It can provide simple users with root access.
Like any operating system, Linux is far from infallible. One of the latest vulnerabilities discovered is sudo (substitute user do), its most famous command line, which allows any user to have root access rights.
“When sudo is configured to allow a user to execute commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to execute commands as root by specifying user ID -1 or 4294967295,” says Todd Miller, Sudo project manager for nearly 27 years. And The Hacker news adds: “This vulnerability allows to bypass the sudo security policy to allow a malicious user or program to execute arbitrary commands as a root on a targeted Linux system, even when the sudoers configuration explicitly prohibits access to the root”.