Upgraded version of sudo

Enterprise 2019-10-22 16:55:33 views: null

Causes:
Sudo stands for "superuserdo", it is the Linux system administration commands, allowing the user environment without requiring a complete switch to other users permission to run the application or command, usually root user to run a command to reduce the root user login and management time while increasing security. The vulnerability is sudo to bypass security policy issues, can lead to a malicious program or user to execute arbitrary commands as root on the target Linux system, even if the "sudoers configuration" expressly prohibits the root access is no exception.

Details Vulnerability
CVE ID of the vulnerability is CVE-2019-14287, was discovered by security researcher apple sector Joe Vennix information and analysis. Not so much scary as it makes immense interest: it requires a system with a non-standard configuration. In other words, the default, Linux computer is not vulnerable to aggression. However, if your configuration is this: allow users to run commands as another user privileges other than root privileges, you may need to pay attention: because users can get around this by -u # -1 non-root restriction on the command line. If sudo is configured to allow the user keyword ALL Runas specification as any user operation command is specified by a user ID of -1 or 4,294,967,295 run command as root. As long as Runas specification listed first ALL keyword, even if Runas specification explicitly prohibit root access, it has sufficient sudo permissions and users which can run commands as root. Log entries will target user commands to run in such a way as 4294967295 instead of root. In addition, the command will not run for PAM session modules. Specifically: utilizing the vulnerability requires a user has sudo rights to any user ID to run the command. Generally, this means that the user has a special value ALL sudoers entries in Runas specification. Sudo support in the case of sudoers policy allows the user to specify the name or user ID to run the command.

Upgrade to start:
1. Check the version of the beginning: [root @ yunrong_test ~] # sudo --version

Upgraded version of sudo

2. Download the latest installation package (1.8.28) wget http://www.sudo.ws/dist/sudo-1.8.28p1.tar.gz
3. compile Upgraded version of sudo
4. Installation [root @ localhost sudo-1.8.28p1] # && LN -sfv libsudo_util.so.0.0.0 the install the make /usr/lib/sudo/libsudo_util.so.0
5. The [@ localhost the sudo the root-1.8.28p1] # the sudo --version
Upgraded version of sudo

carry out! ! !

Guess you like

Origin blog.51cto.com/13857489/2444506
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com