Sudo Bug Allowed Linux Users To Run Commands As Superuser Root
One such flaw was found in Sudo function, which is widely used to run programs, scripts and execute commands with root permissions. The flaw allows any script to be executed with root privileges without the user having root access.
The Sudo command (superuser do) is a widely used command in the Linux operating system. Sudo is responsible for handling superuser permissions. The flaw affects all the Sudo versions prior to the latest released version 1.8.28.
The vulnerability tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security. The vulnerability surprisingly could be exploited by an attacker to run commands as root just by specifying user ID “-1” or “4294967295.”
myhost bob = (ALL, !root) /usr/bin/vi
sudo -u#-1 id -u OR sudo -u#4294967295 id -u
commands to execute vi with root privileges.