LINUX.ORG.RU

Уязвимость в sudo

 


0

1

What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or «4294967295.»
That's because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user.

https://amp.thehackernews.com/thn/2019/10/linux-sudo-run-as-root-flaw.html

Перемещено leave из talks

★★★★★