Unsigned int in sudo allows Linux privilege escalation

Accepted submission by datapharmer at 2019-10-15 07:48:32 from the More-is-less-gives-you-more dept.
Security
Time to fire up your favorite package manager. Joe Vennix, a researcher from Apple, has discovered that sudo prior to version 1.8.28 used an unsigned variable for the uid, allowing a user to specify -1 or 4294967295 as the uid. This then defaults to uid 0, but since the specified uid doesn't exist in the database, no PAM modules are run. This only works for users with sudo rights, but it works even if root is explicitly prohibited. See CVE-2019-14287 for more details.
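To check a host for the condition described above, the following added example (not part of the original submission and not sudo project code) parses `sudo -V` output and a sudoers fragment and lists rules whose Runas user list contains ALL on a sudo older than 1.8.28. The sample inputs are constructed, the function names are hypothetical, and the sudoers parsing is deliberately simplified (no aliases, includes or line continuations).

```python
import re

FIXED = (1, 8, 28)  # first fixed release, per the submission

# Constructed sample inputs (not taken from a real host).
SAMPLE_SUDO_V = "Sudo version 1.8.27\nSudoers policy plugin version 1.8.27\n"
SAMPLE_SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
alice  ALL = (ALL, !root) /usr/bin/vi
bob    ALL = (www-data) /usr/bin/systemctl restart nginx
carol  ALL = (ALL : ALL) ALL
"""

# user, host, then the user part of the Runas spec (anything after ':' is the group list)
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*\(([^):]*)(?::[^)]*)?\)")

def sudo_version(sudo_v_output):
    """Return (major, minor, patch) from `sudo -V` output; a pN suffix is ignored."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", sudo_v_output)
    if not m:
        raise ValueError("no sudo version found")
    return tuple(int(x) for x in m.groups())

def as_uid32(text):
    """Value a 32-bit unsigned uid holds for a numeric ID: -1 and 4294967295 collide."""
    return int(text) % 2**32

def risky_rules(sudoers_text):
    """Return (user, runas_users, excludes_root) for rules whose Runas users include ALL."""
    found = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment or include directive
        m = RULE.match(line)
        if not m:
            continue  # Defaults lines and rules without a Runas spec
        runas = [u.strip() for u in m.group(2).split(",") if u.strip()]
        if "ALL" in runas:
            # "!root" is the explicit prohibition the submission says is bypassed
            found.append((m.group(1), runas, "!root" in runas))
    return found

def audit(sudo_v_output, sudoers_text):
    """Rules to review on this host; empty once sudo is at or past the fixed version."""
    if sudo_version(sudo_v_output) >= FIXED:
        return []
    return risky_rules(sudoers_text)
```

Distribution packages may carry the fix under an older version string, so treat a version hit as a prompt to check the vendor advisory rather than as proof.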
