CVE-2019–14287 | SUDO will hit your root

Ishara Abeythissa
2 min readOct 19, 2019

--

SUDO provide most powerful mechanism inside LINUX environment. SUDO (superuser do) is a utility for UNIX- and Linux-based systems that provides an efficient way to give specific users permission to use specific system commands at the root (most powerful) level of the system. SUDO also logs all commands and arguments. Using SUDO, a system administrator can:

  • Give some users (or groups of users) the ability to run some (or all) commands at the root level of system operation
  • Control which commands a user can use on each host
  • See clearly from a log which users used which commands
  • Using timestamp files, control the amount of time a user has to enter commands after they have entered their password and been granted appropriate privileges

The SUDO configuration file is easy to create and to refer to.

Let’s begin. First of all check what is your root version.

SUDO Version

As you can see my SUDO version is 1.8.27 and luckily I’m still vulnerable :).

Adding User

Now I add user called temp for the testing purposes.

Configure VISUDO

If you refer visudo configuration before you will be familiar with this logic inside the configuration file. I’ll do simple describe in there. actually temp user cannot execute id command as root. :)

So Let’s break up this damn rule :)

Exploit is. Adding #(numbers) is vulnerable to break this rule.

Booom :)

Hope you enjoy. Stay touch for more :). Happy Hacking day :)

--

--

Ishara Abeythissa
Ishara Abeythissa

No responses yet