
How to understand the sudo privilege escalation vulnerability

2025-02-24 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/03

This article explains how to understand the sudo privilege escalation vulnerability. The content is simple and clear, and easy to learn and understand.

Preface

The Linux privilege escalation vulnerability in sudo (CVE-2021-3156) has been getting a lot of attention recently, and all the major media in the security community have reported on it. First, FreeBuf featured this latest vulnerability prominently on its front page.

On Toast it is also this week's hottest topic.

The various WeChat official accounts have also analyzed and introduced the vulnerability. In short, this is enough to show that the vulnerability attracts a great deal of interest; ordinary vulnerabilities rarely get this much attention.

(A brief introduction to sudo: it is a very important Linux command, used for privilege escalation, account switching and so on. For example, to run a command that needs root permission, put sudo at the beginning of the command and then enter the password.)

Affected sudo versions:

Sudo 1.8.2 - 1.8.31p2
Sudo 1.9.0 - 1.9.5p1

Affected Linux versions:

Ubuntu 20.04.1 (Focal Fossa) - sudo 1.8.31, libc-2.31
Debian 10.0 (Buster) - sudo 1.8.27, libc-2.28

It must be emphasized here that this vulnerability is not applicable on many systems. Testing on different Linux versions found that the vulnerability could not be reproduced successfully on CentOS. In the Ubuntu environment, it cannot be reproduced successfully if the ordinary user's permissions are too low, for example when the ordinary user cannot execute the make command.

Vulnerability reproduction

It can be reproduced successfully on versions below Ubuntu 20.04.1. The following Ubuntu environment is not logged in. When logging in, the system directly prompts you to upgrade to the latest version, Ubuntu 20.04.1.

Check the current version (Ubuntu 18.04.1): uname -a

As an ordinary user, try to view the user passwords: cat /etc/shadow (access denied)

Compile the downloaded PoC with make: make

(script for privilege escalation: sudo-hax-me-a-sandwich)

Execute ./sudo-hax-me-a-sandwich

It prompts you to enter 0 or 1 to select the appropriate version. Ubuntu is used here, so 0: ./sudo-hax-me-a-sandwich 0

This gets root permission. View the shadow file: cat /etc/shadow (shadow stores the password hash values of Linux users)

References and suggestions

1. At present, the official suggestion is to upgrade the version. During the process above we also saw the prompt to upgrade the system, and we suggest upgrading the system after making a good data backup.

2. The vulnerability is caused mainly by sudo itself, so disabling the sudo function outright also resolves it. Although this solves the vulnerability problem, it makes the sudo function unusable, so this method is not recommended.

Detection method

Enter sudoedit -s / in the Linux console. If the response begins with sudoedit, the system may be affected by this vulnerability; otherwise it is not affected.
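The two checks this article gives, the affected version ranges and the sudoedit -s / probe, combined into one triage script as an added example (not part of the original article). The function names and verdict strings are hypothetical, and treating a reply that starts with usage: as the patched response is an assumption taken from public advisory guidance, not from this page.

```shell
#!/bin/sh
# Added example, not from the article. Ranges are the ones the article lists.

# ver_key 1.8.31p2 -> 1008031002 (sortable integer); returns 1 on other formats.
ver_key() {
    case $1 in ''|*[!0-9.p]*|[!0-9]*) return 1 ;; esac
    v=${1%%p*}; p=0
    case $1 in *p*) p=${1#*p} ;; esac
    case $p in ''|*[!0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -ge 2 ] || return 1
    printf '%d%03d%03d%03d\n' "$1" "$2" "${3:-0}" "$p"
}

# True when the upstream version is in 1.8.2-1.8.31p2 or 1.9.0-1.9.5p1.
in_affected_range() {
    k=$(ver_key "$1") || return 2
    if [ "$k" -ge 1008002000 ] && [ "$k" -le 1008031002 ]; then return 0; fi
    if [ "$k" -ge 1009000000 ] && [ "$k" -le 1009005001 ]; then return 0; fi
    return 1
}

# Classify the first line printed by `sudoedit -s /`.
classify_probe() {
    case $1 in
        sudoedit:*) echo affected ;;      # the response the article describes
        usage:*)    echo patched ;;       # assumption: fixed builds print usage
        *)          echo inconclusive ;;  # e.g. password prompt, command missing
    esac
}

# assess VERSION PROBE_LINE -> verdict. The probe outranks the version number
# because distributions backport the fix without changing the upstream version.
assess() {
    case $(classify_probe "$2") in
        affected) echo may-be-affected ;;
        patched)  echo not-affected ;;
        *) if in_affected_range "$1"; then echo verify-package-changelog
           else echo outside-affected-range; fi ;;
    esac
}
```

On a host, pass assess the version number from the first line of sudo -V and the first line of sudoedit -s / 2>&1.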

Personal opinion

As privilege escalation vulnerabilities occupy the headlines of the major media in the security community, we can also see that privilege escalation is gradually being taken seriously by peers in penetration testing, whereas most of the time it is ignored. In general network security inspection, risk assessment, protection assessment and similar work, few people take the checking of privilege escalation vulnerabilities to a higher level. Because of the heavy workload of security services, it is not easy to find and deal with even the superficial problems, let alone to dig out deep-seated problems such as privilege escalation efficiently.

Privilege escalation is a very important technique in the post-exploitation stage, and it is particularly important if you want to get higher scores in some competitions. In in-depth penetration tests (such as hvv and offensive and defensive drills), whether privilege escalation succeeds often decides whether the penetration succeeds, which is different from general inspection and evaluation. To a certain extent, privilege escalation can also be achieved through technical means other than privilege escalation vulnerabilities, such as password cracking, brute force cracking, social engineering, baseline configuration and so on.

The development of privilege escalation vulnerabilities is inevitable: "what exists is reasonable". On the Windows series, privileges can be raised through browsers and Office. Privilege escalation vulnerabilities can often take down the target host, or even cause damage, without any exposed assets. Privilege escalation vulnerabilities need a foothold on a system: you cannot go directly to the system and execute with privileges, so you must first use web/app vulnerabilities or weak passwords to obtain ordinary user rights. Privilege escalation vulnerabilities therefore cannot be used in the first place, and it depends on strength and luck.
