by alethiophile
2440 days ago
It only works if you've got a specific, somewhat unlikely configuration. You need to have ALL in the user specifier, but not root (or else it's not a vuln, just a bug). So `username ALL=(ALL, !root) ALL` would be vulnerable; this is trying to let username run commands as any other user _except_ root, but using this vuln the user can get around it. You can duplicate it by running (as a user with sudo ALL privileges) `sudo -u#-1 id`; it'll show 0, for root.
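A defender's check for the configuration described in the comment above, as an added example that is not part of the original comment: it scans sudoers text for Runas lists that grant `ALL` and then exclude users with `!`. The sample rules, the function name `find_runas_blacklists` and the simple `Runas_Alias` handling are assumptions; line continuations and included files are not followed.

```python
import re

# Constructed sample sudoers text for illustration (not from the comment).
SAMPLE_SUDOERS = """\
# constructed sample
Runas_Alias NOTROOT = ALL, !root
alice   ALL=(ALL, !root) ALL
bob     ALL=(ALL) ALL
carol   ALL=(www-data, backup) /usr/bin/rsync
dave    ALL=(NOTROOT) /usr/bin/vi
erin    ALL=(ALL, !#0 : ALL) NOPASSWD: ALL
frank   ALL = /usr/bin/id
"""

ALIAS_RE = re.compile(r"^Runas_Alias\s+(\w+)\s*=\s*(.+)$")
RUNAS_RE = re.compile(r"\(([^)]*)\)")  # "(users)" or "(users : groups)"

def _split(csv):
    return [u.strip() for u in csv.split(",") if u.strip()]

def _expand(users, aliases, depth=0):
    """Replace non-negated Runas_Alias names with their members."""
    out = []
    for u in users:
        if u in aliases and depth < 8:
            out.extend(_expand(aliases[u], aliases, depth + 1))
        else:
            out.append(u)
    return out

def find_runas_blacklists(text):
    """Return (line_no, rule) for rules whose Runas user list grants ALL
    and then subtracts users with '!', the pattern the comment describes."""
    lines = [l.strip() for l in text.splitlines()]
    aliases = {m.group(1): _split(m.group(2))
               for m in map(ALIAS_RE.match, lines) if m}
    findings = []
    for no, line in enumerate(lines, 1):
        # '#' starts a comment unless it introduces a numeric uid like '#1000'.
        is_comment = line.startswith("#") and not line[1:2].isdigit()
        if not line or is_comment or ALIAS_RE.match(line):
            continue
        for spec in RUNAS_RE.findall(line):
            users = _expand(_split(spec.split(":", 1)[0]), aliases)
            if "ALL" in users and any(u.startswith("!") for u in users):
                findings.append((no, line))
                break
    return findings

if __name__ == "__main__":
    for no, rule in find_runas_blacklists(SAMPLE_SUDOERS):
        print(f"line {no}: Runas list is ALL minus exclusions: {rule}")
```

Rules it reports are better rewritten as an explicit list of permitted target users, so the policy does not rely on subtracting root from `ALL`.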