A new vulnerability was discovered earlier this week in the sudo package. Sudo is one of the most powerful and commonly used utilities installed on almost every UNIX and Linux-based operating system.
The sudo vulnerability CVE-2019-14287 is a security policy bypass that lets a user or a program execute commands as root on a Linux system even when the sudoers configuration explicitly disallows root access. Exploiting it requires the user to already hold sudo privileges that allow running commands as an arbitrary user ID, with root excluded.
The following conditions need to be met before the vulnerability can be exploited:
The sudo command is run with user ID -1 or 4294967295
The function that converts a user ID into its username incorrectly treats -1, or its unsigned equivalent 4294967295, like 0, which is always the user ID of the root user.
To find out whether you are vulnerable, check that your sudo version is earlier than 1.8.28 and run the following commands in your terminal to look for a matching rule (single quotes keep the shell from treating the `!` as history expansion):
grep -E '\(\s*ALL\s*,\s*!root\s*\)' /etc/sudoers
grep -E '\(\s*ALL\s*,\s*!#0\s*\)' /etc/sudoers
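The same two checks (affected version, and a Runas spec of the form `(ALL, !root)` or `(ALL, !#0)`) as a small audit script. This is an added example, not code from the original post or from Aqua; the sudoers content is constructed for the example, and the version parser assumes the `Sudo version X.Y.Z` line that `sudo --version` prints. Because `#` both starts a comment and prefixes a numeric uid in sudoers, the comment stripper only treats `#` as a comment marker when it is not followed by a digit, so `!#0` survives.

```python
import re

# Constructed sample sudoers content (not taken from any real host).
SAMPLE_SUDOERS = """\
# Defaults section
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
# bob may run vi as any user except root
bob     ALL=(ALL, !root) /usr/bin/vi
alice   ALL=(ALL,!#0) NOPASSWD: /usr/bin/less
carol   ALL=(ALL) ALL
"""

# First release containing the fix, per the advisory text above.
FIXED_VERSION = (1, 8, 28)

# Runas spec that allows any target user except root, written by name or by uid 0.
RUNAS_EXCEPT_ROOT = re.compile(r"\(\s*ALL\s*,\s*!\s*(root|#0)\s*\)")

# A '#' starts a comment only at line start or after whitespace, and only when
# it is not immediately followed by a digit (otherwise it is a '#uid' reference).
COMMENT = re.compile(r"(^|\s)#(?!\d).*$")


def parse_sudo_version(text):
    """Return (major, minor, patch) from `sudo --version` output.

    Patch-level suffixes such as 'p1' are ignored on purpose:
    1.8.27p2 is still older than 1.8.28.
    """
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no 'Sudo version' line found")
    return tuple(int(x) for x in m.groups())


def version_is_affected(version):
    """True when the installed sudo predates the fixed release."""
    return tuple(version) < FIXED_VERSION


def find_risky_rules(sudoers_text):
    """Return (line_number, line) for every rule with a (ALL, !root)/(ALL, !#0) Runas spec."""
    hits = []
    for number, line in enumerate(sudoers_text.splitlines(), start=1):
        code = COMMENT.sub("", line)
        if RUNAS_EXCEPT_ROOT.search(code):
            hits.append((number, line.strip()))
    return hits


def assess(version_text, sudoers_text):
    """Combine both checks: exposed only if the version is old AND a risky rule exists."""
    affected = version_is_affected(parse_sudo_version(version_text))
    rules = find_risky_rules(sudoers_text)
    return {"affected_version": affected, "risky_rules": rules,
            "exposed": affected and bool(rules)}


if __name__ == "__main__":
    # Constructed version banner in the format sudo prints.
    banner = "Sudo version 1.8.27p1\nSudoers policy plugin version 1.8.27p1\n"
    report = assess(banner, SAMPLE_SUDOERS)
    print("affected version:", report["affected_version"])
    for number, rule in report["risky_rules"]:
        print(f"line {number}: {rule}")
    print("exposed:", report["exposed"])
```

On a real host, run it against the output of `sudo --version` and the contents of `/etc/sudoers` plus any files it includes from `/etc/sudoers.d`, which are normally readable only by root; the `#include` directives in those files are also exempt from the comment stripper's digit rule only because they are followed by a letter, so extend the parser if you need to follow includes automatically.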
This vulnerability is more interesting than concerning for containers, since the sudo package is rarely present in container images. A container usually runs as a single user, which may have root privileges inside the container but not on the host. Further, there is no typical operational reason to run a container with more than one user.
However, if sudo is present in your container environment in an insecure configuration, this is how Aqua can help you:
Aqua Image Assurance policy
Aqua Runtime protection
Aqua Image profile
These features and more can help you to have more control and visibility. Use Aqua to protect your Cloud Native environment without disrupting business continuity or pausing containers.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.