What is Sudo?
Sudo is a program for Linux and other Unix-like operating systems that is used to delegate privileges. For example, a local user can use it to run commands as root, the Unix counterpart of the Windows administrator account.
A new security issue was discovered by Joe Vennix of Apple Information Security in all Sudo versions before 1.8.28. The flaw could enable a malicious user to execute arbitrary commands as the root user even in cases where root access is disallowed.
Explanation of vulnerability
The sudoers file contains the privilege information for the different users and groups on a server. It is one of the most important files in the system and needs to be handled with care.
The issue occurs when a sysadmin inserts an entry into the sudoers file, for example:
The syntax of an entry is: user (host)=(user:group) commands
root ALL = (ALL:ALL) ALL
The above rule says that the root user can execute any command as any user or any group from any host.
Normal ALL = (ALL, !root) /usr/bin/whoami
The above rule says that Normal is allowed to run "whoami" as any user except the root user.
The user restriction on Normal can be bypassed, and the command executed as root, by running sudo with user ID -1 or 4294967295:
sudo -u#-1 <your command>
Proof of concept
Keep Calm And Update Your Sudo Version
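A defensive check for the pattern described above, as an added example that is not part of the original article: it flags sudoers entries whose Runas list combines ALL with a negated root, and reports whether a `sudo -V` version string is older than 1.8.28. The function names and the sample sudoers text are constructed for illustration; aliases and line continuations are not handled.

```python
import re

# user host = (runas_users[:runas_groups]) commands
SPEC_RE = re.compile(r"^\s*(?P<who>\S+)\s+\S+\s*=\s*\((?P<runas>[^)]*)\)")
FIXED = (1, 8, 28)  # fixed release named in the article

# Constructed sample sudoers text, not taken from a real host.
SAMPLE = """\
# constructed sample
root ALL = (ALL:ALL) ALL
Normal ALL = (ALL, !root) /usr/bin/whoami
backup ALL = (operator) /usr/bin/rsync
"""


def risky_runas_entries(sudoers_text):
    """Return (line_no, who, runas_users) where ALL is paired with !root / !#0."""
    findings = []
    for line_no, line in enumerate(sudoers_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # comment (or #include) line
            continue
        m = SPEC_RE.match(line)
        if not m:  # Defaults, aliases, entries without a Runas list
            continue
        # Keep only the user part of (users:groups) and split the list.
        users = [u.strip() for u in m.group("runas").split(":")[0].split(",")]
        if "ALL" in users and any(u in ("!root", "!#0") for u in users):
            findings.append((line_no, m.group("who"), users))
    return findings


def version_is_affected(sudo_v_output):
    """True if the version found in `sudo -V` output is older than 1.8.28."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", sudo_v_output)
    if not m:
        raise ValueError("no sudo version found")
    return tuple(int(x) for x in m.groups()) < FIXED


if __name__ == "__main__":
    for line_no, who, users in risky_runas_entries(SAMPLE):
        print(f"line {line_no}: {who} runas={users} relies on !root")
    print(version_is_affected("Sudo version 1.8.27"))
```

Entries it reports are the ones to rewrite with an explicit list of permitted target users instead of ALL plus an exclusion, in addition to updating Sudo.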