Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Sudo Privilege Escalation Vulnerability
(
canonical.com
)
4 points
by
dbrgn
on Oct 14, 2019
|
hide
|
past
|
favorite
|
1 comment
dbrgn
on Oct 14, 2019
[–]
This is pretty afwul. Works perfectly on my Debian machine (where sudo for this user requires the password):
$ sudo -u#-1 whoami root
Ubuntu has fixes, Debian still seems vulnerable:
https://security-tracker.debian.org/tracker/CVE-2019-14287
Here are the technical details:
https://www.sudo.ws/alerts/minus_1_uid.html
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Here are the technical details: https://www.sudo.ws/alerts/minus_1_uid.html