CVE-2019-14287 linux sudo root 权限绕过漏洞复现
1、准备工具,kali linux,或者任何版本的linux,查看sudo版本
root@kali:~# sudo -V
Sudo version 1.8.21p2
明显该版本低于1.8.28。可以进行漏洞利用。
2、创建test用户,并分配密码
root@kali:/etc# useradd test
root@kali:/etc# passwd test
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
3、切换到etc目录下面,创建test用户,编辑sudoers文件,添加test ALL=(ALL,!root) /usr/bin/vim行。
root@kali:~# cd /etc
root@kali:/etc# vi sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privil