CVE-2019-14287

Отчет

This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example: someuser myhost = (ALL, !root) /usr/bin/somecommand This configuration allows user "someuser" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration. Any other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw. Red Hat Virtualization Hypervisor includes an affected version of sudo, however the default configuration is not vulnerable to this flaw.

Меры по смягчению последствий

This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The most simple example is:

The exclusion is specified using an excalamation mark (!). In this example, the "root" user is specified by name. The root user may also be identified in other ways, such as by user id:

or by reference to a runas alias:

To ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the ! character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.