Hello, welcome to the Tuesday, October 15th, 2019 edition of the Sands and the Storms

Sunners Stormcast. My name is Johannes Ulrich, and the time recording from Chicago, Illinois.

Well, the good old Unix Sudo utility is making news again and not in a good way.

Sudo has a history of vulnerabilities and what it's trying to accomplish isn't necessarily easy.

You're typically using Sudo in order to fairly carefully assign privileges to users and allow them to run commands as other users.

And among those users, well, you may also have the super user route.

The problem this time is if you are permitting users to run commands as any other user but route, it may still

possible for them to actually run a command as root.

Looks like a sort of an integer overflow that is the cause here.

If you are passing the UID minus one, which of course isn't really valid to Sudo, it will actually execute the command using the UID 0 or root.

Instead of minus 1, you can also use 4,294,967,295,000,295.

Just your maximum 32-bit number.

And in your logs, you will not see UID 0, but instead minus 1 or the 4 billion number that

the user entered.

Also, Pam, the applicableuggable Authocation module,

modules won't actually get executed in this case.

So this is really a approach escalation vulnerability.

A user already has to have access to the system

and the user already has to have some pseudo permissions to run commands as another user.

Still something you probably do want to patch quickly because exploitation is relatively straightforward.

And over the last few days there was a bit of a controversy about how Apple implemented

the safe browsing feature in particular in the latest version of iOS.

...