
CVE-2019-14287 Linux sudo escalation of privileges


 

1. Create a user and make sure they can log in

Set up the login and the ability to execute tasks:

First, create a user:

useradd -m bob -G sudo -s /bin/bash
passwd bob

Once you can log in, add the following line at the top of .profile:

vi .profile
PATH=/usr/sbin:$PATH

Check who is in the sudo group and which groups bob belongs to:

getent group sudo
groups bob

 


Edit the sudoers file:

vi /etc/sudoers

 


 

Because bob is a member of the sudo group, he can perform administrative tasks.

 


 

2. Partially restricting the user privilege specification

This doesn't help much because of the flaw:

myhost operators =(ALL,!root) !ALL

 


 

To check which user this executes as:

sudo -u#-1 id -u

Executing a command as root directly:

su root leafpad

cannot be done because of that rule.

With the user's own password, however, it can be executed like this:

sudo -u#-1 leafpad

 


 

3. Remediation and Check Group Membership

You could add another line like this:

%sudo ALL=(ALL:!operator) !ALL

 


 

The result is that Bob can no longer perform administrative tasks.

 


 

Resolution

But to avoid this strange setup altogether, you just need to make sure Bob doesn't have sudo rights.

groups root
groups bob

Add Bob to the operator group and remove him from the sudo group:
sudo usermod -a -G operator bob
groups bob
gpasswd -d bob sudo
groups bob

 


 

Result: Bob is no longer a member of sudo, cannot perform administrative tasks, and is just an operator.

Hardened Execution - Least Privileged

 


 

As you can see, it's wiser not to give users sudo rights.

And this flaw is history once you update your Linux system.
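
To check whether any rule on a system has the shape shown in section 2, a Runas user list that allows ALL and then excludes entries such as !root, the sudoers files can be scanned for it. The script below is an added example, not part of the original article; the function names and the sample rules are constructed for the demonstration, and the "alice" rule is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag sudoers rules whose Runas user list is a blacklist,
# i.e. ALL combined with a negated entry such as !root.

# find_runas_blacklists FILE...  -> prints "file:line: rule" per hit.
find_runas_blacklists() {
    awk '
    /^[ \t]*#/ { next }                       # comment and #include lines
    {
        if (buf == "") start = FNR            # first line of this rule
        if (sub(/\\$/, "")) { buf = buf $0; next }   # join continuations
        rule = buf $0; buf = ""; rest = rule
        while (match(rest, /\([^)]*\)/)) {    # each (runas) spec in the rule
            spec = substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
            sub(/:.*/, "", spec)              # keep users, drop :groups
            gsub(/[ \t]/, "", spec)
            n = split(spec, tok, ","); all = neg = 0
            for (i = 1; i <= n; i++) {
                if (tok[i] == "ALL") all = 1
                if (tok[i] ~ /^!/) neg = 1
            }
            if (all && neg) {
                printf "%s:%d: %s\n", FILENAME, start, rule
                break
            }
        }
    }' "$@"
}

# Constructed sample: the two rules from this article plus a
# hypothetical multi-line rule for "alice".
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real configuration
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
myhost operators =(ALL,!root) !ALL
%sudo ALL=(ALL:!operator) !ALL
alice   ALL=(ALL, \
        !root) /usr/bin/vi
EOF
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
find_runas_blacklists "$tmp"    # reports lines 4 and 6 of the sample
rm -f "$tmp"
```

On a real host, run the function as root against /etc/sudoers and the files in /etc/sudoers.d; any rule it reports relies on excluding users from ALL and is better rewritten to list the permitted target users explicitly.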

 

Thank you for reading.

Martijn 

 

 
