Forwarded from CTF Community | Hints
Potential bypass of Runas user restrictions
Release Date:
October 14, 2019
Summary:
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.
This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.
Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
Sudo versions affected:
Sudo versions prior to 1.8.28 are affected.
CVE ID:
This vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database.
Ref:
https://www.sudo.ws/alerts/minus_1_uid.html
https://access.redhat.com/security/cve/cve-2019-14287
#News
#Linux
@ctfplay
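A defender-side check for the advisory above, as an added example that is not part of the original post or of sudo: it flags sudo log lines whose target user is 4294967295 or -1, and sudoers rules whose Runas list begins with ALL and negates root. The log layout with a `USER=` field, the helper names and the sample data are assumptions; continuation lines and included files are not followed.

```python
import re

# Target-user values to flag. The advisory names -1 and 4294967295; the "#" forms
# are included on the assumption that a numeric uid may be logged as it was typed.
SUSPECT_TARGETS = {"-1", "4294967295", "#-1", "#4294967295"}
# Assumed log layout: "sudo: <user> : TTY=.. ; PWD=.. ; USER=<target> ; COMMAND=<cmd>"
LOG_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+)\s+:.*?\bUSER=(?P<target>\S+)\s+;\s+COMMAND=(?P<cmd>.*)$"
)
# Runas user list: the parenthesised part after "=", up to ":" (group list) or ")".
RUNAS_RE = re.compile(r"=\s*\((?P<users>[^):]*)")

def suspicious_log_entries(lines):
    """Return (invoking user, logged target, command) for every flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group("target") in SUSPECT_TARGETS:
            hits.append((m.group("user"), m.group("target"), m.group("cmd").strip()))
    return hits

def risky_runas_rules(sudoers_text):
    """Return rules whose Runas list starts with ALL and also tries to exclude root."""
    risky = []
    for raw in sudoers_text.splitlines():
        rule = raw.strip()
        # Lines starting with "#" are comments or include directives; skip them.
        m = None if rule.startswith("#") else RUNAS_RE.search(rule)
        if not m:
            continue
        users = [u.strip() for u in m.group("users").split(",")]
        if users[0] == "ALL" and any(u in ("!root", "!#0") for u in users[1:]):
            risky.append(rule)
    return risky

# Constructed sample input (not taken from a real host).
SAMPLE_LOG = [
    "Oct 14 10:01:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id",
    "Oct 14 10:02:10 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=4294967295 ; COMMAND=/usr/bin/vi /etc/hosts",
    "Oct 14 10:03:00 host1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=www-data ; COMMAND=/usr/bin/whoami",
]
SAMPLE_SUDOERS = """\
root ALL=(ALL:ALL) ALL
bob host1 = (ALL, !root) /usr/bin/vi
carol host1 = (www-data) /usr/bin/whoami
"""

if __name__ == "__main__":
    print(suspicious_log_entries(SAMPLE_LOG))
    print(risky_runas_rules(SAMPLE_SUDOERS))
```

A flagged rule still needs sudo 1.8.28 or later to be safe; rewriting the Runas list to name the permitted users explicitly removes the dependence on the negation.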
Forwarded from CTF Community | Hints
Performing Linux Forensic Analysis and Why You Should Care! Workshop
https://github.com/ashemery/LinuxForensics
#Linux
#Forensics
#Blueteam
@ctfplay
Forwarded from CTF Community | Hints
⭕️ Automated RE of Kernel Configurations
Brandon Miller published an article about his Binary Ninja plugin that analyzes Linux kernel binaries to recover kernel configuration options.
This tool is called bn-kconfig-recover. It can help when a kernel binary has CONFIG_IKCONFIG disabled.
#kernel #linux #binary
@ctfplay