UNIX and Linux with Glaring Sudo EnableFlaw Malicious Users to Run Arbitrary Commands

Sudo is a core command that is installed with all the UNIX and Linux based operating system and it is one of the most commonly used Linux commands. Sudo is a powerful utility that allows the user to access the commands and applications of other users without switching the environment. Superuser do is shortly known as the Sudo.

Joe Vennix of Apple Information Security discovered that Sudo deals with some bypass flaw which means that Sudo has a flaw in security because it allows the user to execute the commands and applications just with the user ID "-1" or "4294967295" as the password. But Sudo carries an inbuilt function that considers the general user ID as 0 which is the user ID for the root user. This is the major reason behind the bypass flaw in Sudo.

The possibility of being attacked in Sudo is tracked as CVE-2019-14287. The only way to exploit the security flaw in Sudo is to specify the user Id this can resolve the issue in the conversation function. This bypass flaw is found in all the versions of Sudo except in the latest Sudo version 1.8.28.