{"id":17354,"date":"2019-10-15T12:16:29","date_gmt":"2019-10-15T17:16:29","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=17354"},"modified":"2019-10-16T12:54:02","modified_gmt":"2019-10-16T17:54:02","slug":"sudo-flaw-lets-linux-users-run-commands-as-root-even-when-theyre-restricted","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=17354","title":{"rendered":"Sudo Flaw Lets Linux Users Run Commands As Root Even When They&#8217;re Restricted"},"content":{"rendered":"<blockquote><p>What&#8217;s more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID &#8220;-1&#8221; or &#8220;4294967295.&#8221;<\/p>\n<p>That&#8217;s because the <a href=\"https:\/\/www.sudo.ws\/repos\/sudo\/rev\/83db8dba09e7\" target=\"_blank\">function which converts<\/a> user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user..<\/p><\/blockquote>\n<p>Source: <em><a href=\"https:\/\/thehackernews.com\/2019\/10\/linux-sudo-run-as-root-flaw.html\">Sudo Flaw Lets Linux Users Run Commands As Root Even When They&#8217;re Restricted<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What&#8217;s more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID &#8220;-1&#8221; or &#8220;4294967295.&#8221; That&#8217;s because the function which converts user id into its username incorrectly treats &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=17354\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[942,1125,28,692],"class_list":["post-17354","post","type-post","status-publish","format-standard","hentry","category-operating-systems","tag-bugs","tag-exploit-vector","tag-linux-command","tag-user-management"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17354"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17354\/revisions"}],"predecessor-version":[{"id":17355,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17354\/revisions\/17355"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17354"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}