Published on 15 October 2019 by

On 14 October 2019 a new vulnerability was announced in sudo that allows a malicious user with sudo access to bypass the sudoers policy and run commands as root, effectively owning your systems.

If you have sudo access on a vulnerable system, either of the following commands runs as root:

sudo -u#-1 id -u

or

sudo -u#4294967295 id -u

At Puppet, our security team found and fixed this sudo vulnerability on all our systems instantly using the recently-launched Puppet Remediate. Here’s how you can too:

Find it (CVE-2019-14287, sudo vulnerability)

First of all, you need to find which systems contain vulnerable versions of sudo below 1.8.28. In Puppet Remediate this is a single command:

  1. Open Run Tasks
  2. Run the following shell command: sudo -V | grep "^Sudo version"

[Screenshot: running the shell command]

  3. Select all your nodes
  4. Run the command and view the output to find any system running sudo below version 1.8.28

[Screenshot: running the command in Puppet Remediate]

Fix it (CVE-2019-14287, sudo vulnerability)

  1. On the boxes you found to be potentially vulnerable, run the following task.
  2. Select Run Task > Manage Package > Upgrade > sudo

[Screenshot: selecting the task to upgrade sudo]

  3. Select one node, or all affected nodes, and run the task.
  4. Verify the fix: check that sudo was upgraded to the version you expected. That should be 1.8.28 or above, or the fixed package version for your OS (for example 1.8.19p1-2.1+deb9u1 on Debian stretch; see https://security-tracker.debian.org/tracker/CVE-2019-14287).

[Screenshot: Manage packages task]

Don’t have Puppet Remediate? Here’s how to do it manually or with Bolt

We want to help the community even if you don’t have Puppet Remediate, so here are the commands to fix this sudo vulnerability manually, or using our open source tool Bolt.

Run this command against your Linux boxes:

sudo -V | grep "^Sudo version"

List all the boxes that have versions below 1.8.28 (or the corresponding fix version for your OS). Then upgrade the potentially vulnerable ones with apt-get (Debian/Ubuntu) or yum (RHEL/CentOS). On Debian-based systems, refresh the package lists first so the fixed build is visible, then upgrade just sudo:

apt-get update && apt-get install --only-upgrade sudo

You will need to run this against each vulnerable box, or write a script to perform all the updates.
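The find and fix steps above boil down to parsing the first line of sudo -V, comparing the version against 1.8.28, and choosing the upgrade command for the host's package family. The script below is an added example, not code from the Puppet post or from Bolt or Remediate; the host names and the sudo -V output it classifies are constructed, and the apt/yum command strings are the ones a practitioner would run rather than anything the tools emit. It also carries the caveat the post hints at: a distribution that backports the fix (Debian stretch's 1.8.19p1-2.1+deb9u1) still reports an old upstream version, so a hit below 1.8.28 means "check the package version", not "exploitable".

```shell
#!/bin/sh
# Added example, not code from the Puppet post: classify "sudo -V" output
# against the 1.8.28 upstream fix for CVE-2019-14287 and print the matching
# upgrade command. Host names and sudo -V output below are constructed.

# Turn "1.8.19p1" into an integer so versions can be compared numerically.
# Components: major, minor, patch, and the "pN" patch level (0 when absent).
sudo_version_key() {
  v=$1
  p=0
  case "$v" in
    *p*) p=${v##*p}; v=${v%p*} ;;
  esac
  major=${v%%.*}
  rest=${v#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  [ "$patch" = "$rest" ] && patch=0
  echo $(( major * 1000000 + minor * 10000 + patch * 100 + p ))
}

# True (exit 0) when the upstream version is below 1.8.28.
below_fixed_version() {
  [ "$(sudo_version_key "$1")" -lt "$(sudo_version_key 1.8.28)" ]
}

# Pull the version out of "sudo -V" output; the first line reads
# "Sudo version 1.8.21p2". Prints nothing if that line is missing.
parse_sudo_version() {
  printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Upgrade command for the host's package family (apt or yum). The apt form
# refreshes package lists first so the fixed build is visible, then upgrades
# only sudo; the yum form does the same in one step.
upgrade_command() {
  case "$1" in
    apt) echo 'apt-get update && apt-get install --only-upgrade -y sudo' ;;
    yum) echo 'yum update -y sudo' ;;
    *)   echo "unknown package family: $1" >&2; return 1 ;;
  esac
}

# Print "<host> <version> <status>" for one host. A version below 1.8.28
# means "needs a closer look": distributions that backport the fix (Debian
# stretch's 1.8.19p1-2.1+deb9u1) still report the old upstream number, so
# confirm the package version before calling the host exploitable.
classify_host() {
  host=$1; family=$2; output=$3
  ver=$(parse_sudo_version "$output")
  if [ -z "$ver" ]; then
    echo "$host ? NO-VERSION-LINE"
  elif below_fixed_version "$ver"; then
    echo "$host $ver BELOW-1.8.28 fix: $(upgrade_command "$family")"
  else
    echo "$host $ver OK"
  fi
}

# Constructed sample output of "sudo -V" from four hosts (not real scan data).
SAMPLE_WEB01='Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2'
SAMPLE_DB01='Sudo version 1.8.28'
SAMPLE_BUILD01='Sudo version 1.8.19p1'
SAMPLE_KIOSK='sudo: command not found'

# Walk the sample fleet; in practice the third argument is the output Bolt
# or ssh collected from each host.
report_all() {
  classify_host web01   apt "$SAMPLE_WEB01"
  classify_host db01    yum "$SAMPLE_DB01"
  classify_host build01 apt "$SAMPLE_BUILD01"
  classify_host kiosk01 apt "$SAMPLE_KIOSK"
}

report_all
```

To feed real output into classify_host, collect the version line with Bolt (for example bolt command run 'sudo -V | grep "^Sudo version"' --targets host1,host2; the --targets flag name is an assumption about your Bolt version, older releases used --nodes) or with ssh in a loop, and pass each host's output as the third argument. The NO-VERSION-LINE status is deliberate: a host where sudo is absent or the command failed should be reviewed, not silently counted as safe.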

We are always happy to chat security in the Puppet Community Slack.

Want to try Puppet Remediate out?

Puppet is encouraging everyone to join the community around Puppet Remediate. You can find out more about Puppet Remediate here.

Jonathan Stewart is a principal product manager at Puppet.
