If you are a Unix user this article is for you!

Last day a researcher called Joe Vennix from Apple Information Security, found a critical flaw in the Sudo function in Unix Os, the vulnerability allows users to bypass the restriction written in the sudoers file, and execute any commands as root.

Vennix said that all the Sudo versions prior to 1.8.28 are affected.

Simple Demo:

In the first step, we created a new simple user called esisa1, you can do it by the command <Adduser “name_of_ur_user”>

let's say that we have the Sudo password but with some restrictions, which means that we will not be able to execute some special tasks.

In the second step let's go to a file called “sudoers.tmp” by the command <Sudo visudo>

This is how the file looks like :

After opening the file go to the #User privilege specification and add a new line as shown in the picture < esisa1 ALL=(ALL, !root) ALL>

Now you did 90% of the work you still need one step to exploit all this and be able to execute any command you want as root even the restrictions, this can be done like that :

chose the command you wanna execute and put it with a negative UID, I choose to run the bash shell with the command <sudo -u#-1 /bin/bas> and bingo its executed as root!

Simple link to go deeper with the bug : https://seclists.org/oss-sec/2019/q4/18?fbclid=IwAR26wU1JjZZqI3blZKl5EQNyCsu8OqwPG4fzCKfpQ8zp9S-n9UJy27fLPDc

Don’t forget to update your systems ❤.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store